CVE-2006-3913

Name of the Vulnerable Software and Affected Versions Freeciv versions 2.1.0-beta1 and earlier Freeciv SVN versions prior to 15 Jul 2006

Description The issue allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative chunk length or a large chunk->offset value in a PACKET PLAYER ATTRIBUTE CHUNK packet in the generic handle player attribute chunk function, and a large packet->length value in the handle unit orders function.

Recommendations For Freeciv versions 2.1.0-beta1 and earlier, update to a version later than 2.1.0-beta1 to resolve the issue. For Freeciv SVN versions prior to 15 Jul 2006, update to a version later than 15 Jul 2006 to resolve the issue.