Published: 26/09/2017 Updated: 10/10/2017

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 3.1 | Impact Score: 1.4 | Exploitability Score: 1.6

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth prior to 1.12.4 and 1.13.x prior to 1.13.1, when a case-insensitive filesystem is used, allow remote malicious users to obtain sensitive information via vectors related to inclusion of .pbl files from WML. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wesnoth battle for wesnoth
wesnoth battle for wesnoth 1.13.0
fedoraproject fedora 21
fedoraproject fedora 22

CWE-200 https://gna.org/bugs/?23504 https://github.com/wesnoth/wesnoth/releases/tag/1.13.1 https://github.com/wesnoth/wesnoth/releases/tag/1.12.4 https://github.com/wesnoth/wesnoth/commit/b2738ffb2fdd2550ececb74f76f75583c43c8b59 https://bugzilla.redhat.com/show_bug.cgi?id=1236010 http://www.securityfocus.com/bid/75425 http://www.openwall.com/lists/oss-security/2015/06/25/12 http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161752.html http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161722.html https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-5070

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect