CVE-2010-2445

freeciv 2.2-2.2.1 and 2.3 - Remote Code Execution via Lua Scenario Scripting

Description

freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions.

References (6)

Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/06/24/5
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:205
Patch x_refsource_confirm
http://gna.org/bugs/?15624
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/06/09/4
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/65192

Scores

EPSS 0.0334
EPSS Percentile 87.2%

Details

CWE CWE-78
Status published
Products (2)
freeciv/freeciv 2.2.0 (5 CPE variants)
freeciv/freeciv 2.3.0 dev
Published Jul 08, 2010
Tracked Since Feb 18, 2026