Freeciv21 Stack Overflow Vulnerability (CVE-2026-33250)
Freeciv21 versions prior to 3.1.1 are vulnerable to a stack overflow when processing specially-crafted packets, allowing a remote attacker to crash public servers or a malicious server to crash a player's game.
Freeciv21, a free and open-source turn-based strategy game, is susceptible to a critical stack overflow vulnerability (CVE-2026-33250) in versions prior to 3.1.1. This flaw arises from the improper handling of specially-crafted network packets. An unauthenticated remote attacker can leverage this vulnerability to trigger a denial-of-service (DoS) condition by crashing public Freeciv21 servers. Alternatively, a malicious Freeciv21 server can exploit this vulnerability to crash the game client running on a player's machine. The default logging configuration does not provide sufficient information to effectively diagnose or investigate exploitation attempts. Users are advised to upgrade to Freeciv21 version 3.1.1 to remediate this vulnerability. Implementing a firewall to protect non-public servers is also recommended as a mitigation strategy. Local games, which restrict connections to the current user, are not affected by this vulnerability.
Attack Chain
- Attacker identifies a vulnerable Freeciv21 server running a version prior to 3.1.1.
- Attacker crafts a malicious network packet designed to trigger a stack overflow.
- Attacker sends the specially-crafted packet to the vulnerable Freeciv21 server.
- The Freeciv21 server processes the malicious packet, leading to a stack overflow.
- The stack overflow corrupts the server's memory, causing the server application to crash.
- (Alternative) A player connects to a malicious Freeciv21 server.
- The malicious server sends a specially-crafted packet to the player's Freeciv21 client.
- The client processes the packet, causing a stack overflow and crashing the game on the player's machine, resulting in a denial-of-service condition for the player.
Impact
Successful exploitation of this vulnerability can lead to a denial-of-service condition. For public Freeciv21 servers, this means the server becomes unavailable to legitimate players, disrupting gameplay and potentially impacting the server's reputation. If exploited against a player's client, it crashes the game, causing frustration and loss of progress. The number of affected servers and players depends on the adoption rate of the vulnerable Freeciv21 versions.
Recommendation
- Upgrade all Freeciv21 server and client installations to version 3.1.1 to patch CVE-2026-33250.
- Deploy the Sigma rule
Detect Suspicious Network Traffic to Freeciv21 Serverto identify potentially malicious packets sent to Freeciv21 servers. - Implement a firewall in front of Freeciv21 servers to restrict access and potentially mitigate the impact of malicious packets as mentioned in the overview.
Detection coverage 2
Detect Suspicious Network Traffic to Freeciv21 Server
mediumDetects network connections with high data transfer to the Freeciv21 server port, which might indicate a DoS attack.
Detect Freeciv21 Server Crash
highDetects Freeciv21 server process termination that may indicate a crash due to CVE-2026-33250.
Detection queries are available on the platform. Get full rules →