Project

General

Profile

Actions
Copy link

Bug #1955

closed

Network code (recursive jumbo packets) DOS attack, CVE-2026-33250

Added by Marko Lindqvist 20 days ago. Updated about 9 hours ago.

Status:
Closed
Priority:
Blocker
Assignee:
Marko Lindqvist
Category:
General
Target version:
3.2.4
Start date:
03/02/2026
Due date:
% Done:

0%

Estimated time:

Description

Louis Moureaux reports:

"The exploit works by sending a recursive
stream of jumbo packets, the server dies from stack exhaustion. I attach a PoC
script that kills a local server."

All versions of freeciv prior to (upcoming) 3.2.4 are vulnerable. As the attack happens at low level packet handling code, attacker can crash the server already before fully establishing the connection, so things like requirement for the clients to authenticate themselves won't protect from the attack.

Attached are fixes to all branches S2_6 - main.

Files

Download all files
0025-Protect-against-DOS-attack-with-recursive-jumbo-pack.patch (6.58 KB) 0025-Protect-against-DOS-attack-with-recursive-jumbo-pack.patch main Marko Lindqvist, 03/03/2026 07:06 AM
0007-Protect-against-DOS-attack-with-recursive-jumbo-pack.patch (6.58 KB) 0007-Protect-against-DOS-attack-with-recursive-jumbo-pack.patch S3_3 Marko Lindqvist, 03/19/2026 01:28 PM
0004-Protect-against-DOS-attack-with-recursive-jumbo-pack.patch (6.58 KB) 0004-Protect-against-DOS-attack-with-recursive-jumbo-pack.patch S3_2 Marko Lindqvist, 03/19/2026 11:09 PM
0003-Protect-against-DOS-attack-with-recursive-jumbo-pack.patch (6.6 KB) 0003-Protect-against-DOS-attack-with-recursive-jumbo-pack.patch S3_1 Marko Lindqvist, 03/19/2026 11:09 PM
0003-Protect-against-DOS-attack-with-recursive-jumbo-pack.patch (6.6 KB) 0003-Protect-against-DOS-attack-with-recursive-jumbo-pack.patch S3_0 Marko Lindqvist, 03/19/2026 11:09 PM
0006-Protect-against-DOS-attack-with-recursive-jumbo-pack.patch (5.34 KB) 0006-Protect-against-DOS-attack-with-recursive-jumbo-pack.patch S2_6 Marko Lindqvist, 03/19/2026 11:09 PM
Actions
Copy link
 #1

Updated by Marko Lindqvist 19 days ago

  • File bomb.py added
  • Description updated (diff)
Actions
Copy link
 #2

Updated by Marko Lindqvist 19 days ago

Actions
Copy link
 #3

Updated by Marko Lindqvist 19 days ago

  • File 0003-Protect-against-DOS-attack-with-recursive-jumbo-pack.patch added
  • File 0003-Protect-against-DOS-attack-with-recursive-jumbo-pack.patch added
  • File 0006-Protect-against-DOS-attack-with-recursive-jumbo-pack.patch added
Actions
Copy link
 #4

Updated by Marko Lindqvist 3 days ago

  • Subject changed from Vulnerability to Network code (recursive jumbo packets) DOS attack, CVE-2026-33250
Actions
Copy link
 #6

Updated by Marko Lindqvist 3 days ago

  • Description updated (diff)
Actions
Copy link
 #7

Updated by Marko Lindqvist 3 days ago

  • File deleted (bomb.py)
Actions
Copy link
 #8

Updated by Marko Lindqvist 3 days ago

Withhold the bomb.py until people have had some time to patch.

Actions
Copy link
 #9

Updated by Marko Lindqvist 2 days ago

  • File deleted (0003-Protect-against-DOS-attack-with-recursive-jumbo-pack.patch)
Actions
Copy link
 #10

Updated by Marko Lindqvist 2 days ago

  • File deleted (0003-Protect-against-DOS-attack-with-recursive-jumbo-pack.patch)
Actions
Copy link
 #11

Updated by Marko Lindqvist 2 days ago

  • File deleted (0006-Protect-against-DOS-attack-with-recursive-jumbo-pack.patch)
Actions
Copy link
 #13

Updated by Marko Lindqvist about 10 hours ago

  • Private changed from Yes to No
Actions
Copy link
 #14

Updated by Marko Lindqvist about 9 hours ago

  • Status changed from In Review to Closed
Actions
Copy link

Also available in: Atom PDF