CVE-2006-0047 : packets.c in Freeciv 2.0 before 2.0.8 allows remote attackers to cause a denial

packets.c in Freeciv 2.0 before 2.0.8 allows remote attackers to cause a denial of service (server crash) via crafted packets with negative compressed size values.

Published 2006-03-07 11:02:00

Updated 2025-04-03 01:03:51

Source Debian GNU/Linux

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2006-0047

Freeciv » Freeciv » Version: 2.0.0
cpe:2.3:a:freeciv:freeciv:2.0.0:*:*:*:*:*:*:*
Matching versions
Freeciv » Freeciv » Version: 2.0.1
cpe:2.3:a:freeciv:freeciv:2.0.1:*:*:*:*:*:*:*
Matching versions
Freeciv » Freeciv » Version: 2.0.2
cpe:2.3:a:freeciv:freeciv:2.0.2:*:*:*:*:*:*:*
Matching versions
Freeciv » Freeciv » Version: 2.0.3
cpe:2.3:a:freeciv:freeciv:2.0.3:*:*:*:*:*:*:*
Matching versions
Freeciv » Freeciv » Version: 2.0.7
cpe:2.3:a:freeciv:freeciv:2.0.7:*:*:*:*:*:*:*
Matching versions
Freeciv » Freeciv » Version: 2.0.7a
cpe:2.3:a:freeciv:freeciv:2.0.7a:*:*:*:*:*:*:*
Matching versions
Freeciv » Freeciv » Version: 2.0.4
cpe:2.3:a:freeciv:freeciv:2.0.4:*:*:*:*:*:*:*
Matching versions
Freeciv » Freeciv » Version: 2.0.5
cpe:2.3:a:freeciv:freeciv:2.0.5:*:*:*:*:*:*:*
Matching versions
Freeciv » Freeciv » Version: 2.0.6
cpe:2.3:a:freeciv:freeciv:2.0.6:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-0047

EPSS FAQ

13.59%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 94 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-0047

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2006-0047

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)
CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2006-0047

http://www.vupen.com/english/advisories/2006/0838

Site en construction
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/25166

Freeciv packets.c denial of service CVE-2006-0047 Vulnerability Report
http://www.gentoo.org/security/en/glsa/glsa-200603-11.xml

Freeciv: Denial of service (GLSA 200603-11) — Gentoo security
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=355211

#355211 - freeciv-server: security hole - Debian Bug report logs
http://secunia.com/advisories/19253

About Secunia Research | Flexera
Vendor Advisory
http://www.debian.org/security/2006/dsa-994

[SECURITY] [DSA 994-1] New freeciv packages fix denial of service
http://www.securityfocus.com/bid/16975

Patch
http://secunia.com/advisories/19227

About Secunia Research | Flexera
Vendor Advisory
http://www.securityfocus.com/archive/1/426866/100/0/threaded
http://secunia.com/advisories/19120

About Secunia Research | Flexera
Patch;Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:053

Mandriva

Jump to

Vulnerability Details : CVE-2006-0047

Products affected by CVE-2006-0047

Exploit prediction scoring system (EPSS) score for CVE-2006-0047

CVSS scores for CVE-2006-0047

CWE ids for CVE-2006-0047

References for CVE-2006-0047