CVE-2018-1999023

Name
CVE-2018-1999023
Description
The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appear to be exploitable via Loading specially-crafted saved games, networked games, replays, and player content.
NVD Severity
high
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Patch https://gist.github.com/shikadiqueen/45951ddc981cf8e0d9a74e4b30400380

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:wesnoth:the_battle_for_wesnoth:*:*:*:*:*:*:*:* the_battle_for_wesnoth >= 1.7.0 <= 1.14.3

Vulnerable and fixed packages

Source package Branch Version Maintainer Status