Main Vulnerability Database Vulnerabilities #VU14013

#VU14013 Code injection in The Battle for Wesnoth - CVE-2018-1999023

Published: July 25, 2018 / Updated: July 26, 2018

Vulnerability identifier: #VU14013

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-1999023

CWE-ID: CWE-94

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
The Battle for Wesnoth

Software vendor:
The Battle for Wesnoth Project

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a code injection in the Lua scripting engine. A remote unauthenticated attacker can load a specially crafted saved games, networked games, replays, and player content to execute arbitrary code outside the sandbox.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Update to version 1.14.4.

External links

https://gist.github.com/shikadiqueen/45951ddc981cf8e0d9a74e4b30400380

#VU14013 Code injection in The Battle for Wesnoth - CVE-2018-1999023

Description

Remediation

External links

Please verify you're human