296,335
Total vulnerabilities in the database
The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before 1.3.9 allows remote servers to cause a denial of service (crash) via a long message with multibyte characters that can produce an invalid UTF-8 string after it is truncated, which triggers an uncaught exception, involving the truncate_message function in server/server.cpp. NOTE: this issue affects both clients and servers.
| Software | From | Fixed in |
|---|---|---|
| wesnoth / wesnoth | 1.2.4 | 1.2.4.x |
| wesnoth / wesnoth | 1.3.6 | 1.3.6.x |
| wesnoth / wesnoth | 1.2.2 | 1.2.2.x |
| wesnoth / wesnoth | 1.3.1 | 1.3.1.x |
| wesnoth / wesnoth | 1.3.2 | 1.3.2.x |
| wesnoth / wesnoth | 1.2.1 | 1.2.1.x |
| wesnoth / wesnoth | 1.3.5 | 1.3.5.x |
| wesnoth / wesnoth | 1.3.3 | 1.3.3.x |
| wesnoth / wesnoth | 1.2.5 | 1.2.5.x |
| wesnoth / wesnoth | 1.3.4 | 1.3.4.x |
| wesnoth / wesnoth | 1.2.3 | 1.2.3.x |
| wesnoth / wesnoth | 1.2.6 | 1.2.6.x |
| wesnoth / wesnoth | 1.2 | 1.2.x |
| wesnoth / wesnoth | 1.3.7 | 1.3.7.x |
| wesnoth / wesnoth | 1.3.8 | 1.3.8.x |