CVE-2012-5645

HIGH

freeciv < 2.3.4 - Denial of Service via Crafted Packet Processing

Title source: llm
STIX 2.1

Description

A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed would lead to memory exhaustion or excessive CPU consumption.

References (13)

Core 13
Core References
Third Party Advisory x_refsource_misc
https://security-tracker.debian.org/tracker/CVE-2012-5645
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5645
Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2012/12/18/5
Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2012/12/31/2
Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2012/12/22/4
Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2012/12/30/11
Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2012/12/30/8
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/41352
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696306

Scores

CVSS v3 7.5
EPSS 0.0425
EPSS Percentile 89.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-400
Status published
Products (4)
fedoraproject/fedora 16
fedoraproject/fedora 17
fedoraproject/fedora 18
freeciv/freeciv < 2.3.4
Published Dec 30, 2019
Tracked Since Feb 18, 2026