cpe:/a:wesnoth:wesnoth:1.2 cpe:/a:wesnoth:wesnoth:1.2.1 cpe:/a:wesnoth:wesnoth:1.2.2 cpe:/a:wesnoth:wesnoth:1.2.3 cpe:/a:wesnoth:wesnoth:1.2.4 cpe:/a:wesnoth:wesnoth:1.2.5 cpe:/a:wesnoth:wesnoth:1.2.6 cpe:/a:wesnoth:wesnoth:1.3.1 cpe:/a:wesnoth:wesnoth:1.3.2 cpe:/a:wesnoth:wesnoth:1.3.3 cpe:/a:wesnoth:wesnoth:1.3.4 cpe:/a:wesnoth:wesnoth:1.3.5 cpe:/a:wesnoth:wesnoth:1.3.6 cpe:/a:wesnoth:wesnoth:1.3.7 cpe:/a:wesnoth:wesnoth:1.3.8 CVE-2007-3917 2007-10-11T06:17:00.000-04:00 2017-07-28T21:32:37.223-04:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2007-10-11T11:24:00.000-04:00 BID 25995 SECUNIA 27137 SECUNIA 27218 SECUNIA 27241 OSVDB 41711 VUPEN ADV-2007-3449 DEBIAN DSA-1386 FEDORA FEDORA-2007-2496 CONFIRM http://svn.gna.org/viewcvs/wesnoth/tags/1.2.7/changelog?rev=20982&view=download CONFIRM http://www.wesnoth.org/forum/viewtopic.php?p=256618 CONFIRM http://www.wesnoth.org/forum/viewtopic.php?t=18188 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=324841 XF wesnoth-utf8-dos(37047) The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before 1.3.9 allows remote servers to cause a denial of service (crash) via a long message with multibyte characters that can produce an invalid UTF-8 string after it is truncated, which triggers an uncaught exception, involving the truncate_message function in server/server.cpp. NOTE: this issue affects both clients and servers.