FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

wesnoth -- Code Injection vulnerability

Affected packages
1.7.0 <= wesnoth < 1.14.4,1

Details

VuXML ID bad59128-c188-11e8-9d40-f0def10dca57
Discovery 2018-07-14
Entry 2018-09-26

shadowm reports:

A severe bug was found in the game client which could allow a malicious user to execute arbitrary code through the Lua engine by using specially-crafted code in add-ons, saves, replays, or networked games. This issue affects all platforms and all existing releases since Wesnoth version 1.7.0. Users of all previous version should upgrade immediately.

References

CVE Name CVE-2018-1999023
URL https://gist.github.com/shikadiqueen/45951ddc981cf8e0d9a74e4b30400380