
Bug #1955

Updated by Marko Lindqvist 3 days ago

Louis Moureaux reports: 

> "The exploit works by sending a recursive stream of jumbo packets, the server dies from stack exhaustion. I attach a PoC script that kills a local server."

All versions of freeciv prior to (upcoming) 3.2.4 are vulnerable. As the attack happens in low-level packet handling code, an attacker can crash the server before fully establishing the connection, so things like a requirement for clients to authenticate themselves won't protect against the attack.

Attached are fixes for all branches, S2_6 through main.
