CVE-2010-2445
freeciv 2.2-2.2.1 and 2.3 - Remote Code Execution via Lua Scenario Scripting
Title source: llmDescription
freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions.
References (6)
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2010/06/24/5
Vendor Advisory (vendor-advisory, x_refsource_mandriva): http://www.mandriva.com/security/advisories?name=MDVSA-2010:205
Patch (x_refsource_confirm): http://gna.org/bugs/?15624
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2010/06/09/4
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://www.osvdb.org/65192
Exploit, Third Party Advisory (x_refsource_misc): http://packetstormsecurity.com/files/163311/Android-2.0-FreeCIV-Arbitrary-Code-Execution.html
Scores
EPSS: 0.0334
EPSS Percentile: 87.2%
Details
CWE: CWE-78
Status: published
Products (2)
freeciv/freeciv 2.2.0 (5 CPE variants)
freeciv/freeciv 2.3.0 dev
Published: Jul 08, 2010
Tracked Since: Feb 18, 2026