CVE-2018-1999023

The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appear to be exploitable via Loading specially-crafted saved games, networked games, replays, and player content.

References

https://gist.github.com/shikadiqueen/45951ddc981cf8e0d9a74e4b30400380

Affected packages

Git / github.com/wesnoth/wesnoth

Affected ranges

Type

GIT

Repo

https://github.com/wesnoth/wesnoth

Events

Introduced

adee85e1cbd14bc71827a0d81728ccf80705d1e4

Last affected

51609d2cef4e42e067d09ebba7b0b0a30b7bce01

Database specific

{
    "versions": [
        {
            "introduced": "1.7.0"
        },
        {
            "last_affected": "1.14.3"
        }
    ]
}

Affected versions

1.*

1.10.0

1.11.0

1.11.1

1.11.10

1.11.10-retag

1.11.11

1.11.2

1.11.3

1.11.4

1.11.5

1.11.6

1.11.7

1.11.8

1.11.9

1.13.0

1.13.1

1.13.10

1.13.10-retag

1.13.11

1.13.12

1.13.13

1.13.14

1.13.2

1.13.3

1.13.4

1.13.5

1.13.6

1.13.7

1.13.8

1.14.0

1.14.2

1.14.3

1.7.0

1.7.1

1.7.10

1.7.11

1.7.12

1.7.13

1.7.14

1.7.15

1.7.2

1.7.3

1.7.4

1.7.5

1.7.6

1.7.7

1.7.8

1.7.9

1.8.0

1.9.0

1.9.1

1.9.10

1.9.11

1.9.12

1.9.13

1.9.14

1.9.2

1.9.3

1.9.4

1.9.5

1.9.6

1.9.7

1.9.8

1.9.9

Other

original_master

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1999023.json"