{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/freeciv21/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Freeciv21"],"_cs_severities":["high"],"_cs_tags":["freeciv21","stack-overflow","denial-of-service","cve-2026-33250","linux"],"_cs_type":"advisory","_cs_vendors":["Freeciv21"],"content_html":"\u003cp\u003eFreeciv21, a free and open-source turn-based strategy game, is susceptible to a critical stack overflow vulnerability (CVE-2026-33250) in versions prior to 3.1.1. This flaw arises from the improper handling of specially-crafted network packets. An unauthenticated remote attacker can leverage this vulnerability to trigger a denial-of-service (DoS) condition by crashing public Freeciv21 servers. Alternatively, a malicious Freeciv21 server can exploit this vulnerability to crash the game client running on a player's machine. The default logging configuration does not provide sufficient information to effectively diagnose or investigate exploitation attempts. Users are advised to upgrade to Freeciv21 version 3.1.1 to remediate this vulnerability. Implementing a firewall to protect non-public servers is also recommended as a mitigation strategy. Local games, which restrict connections to the current user, are not affected by this vulnerability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable Freeciv21 server running a version prior to 3.1.1.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious network packet designed to trigger a stack overflow.\u003c/li\u003e\n\u003cli\u003eAttacker sends the specially-crafted packet to the vulnerable Freeciv21 server.\u003c/li\u003e\n\u003cli\u003eThe Freeciv21 server processes the malicious packet, leading to a stack overflow.\u003c/li\u003e\n\u003cli\u003eThe stack overflow corrupts the server's memory, causing the server application to crash.\u003c/li\u003e\n\u003cli\u003e(Alternative) A player connects to a malicious Freeciv21 server.\u003c/li\u003e\n\u003cli\u003eThe malicious server sends a specially-crafted packet to the player's Freeciv21 client.\u003c/li\u003e\n\u003cli\u003eThe client processes the packet, causing a stack overflow and crashing the game on the player's machine, resulting in a denial-of-service condition for the player.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability can lead to a denial-of-service condition. For public Freeciv21 servers, this means the server becomes unavailable to legitimate players, disrupting gameplay and potentially impacting the server's reputation. If exploited against a player's client, it crashes the game, causing frustration and loss of progress. The number of affected servers and players depends on the adoption rate of the vulnerable Freeciv21 versions.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade all Freeciv21 server and client installations to version 3.1.1 to patch CVE-2026-33250.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious Network Traffic to Freeciv21 Server\u003c/code\u003e to identify potentially malicious packets sent to Freeciv21 servers.\u003c/li\u003e\n\u003cli\u003eImplement a firewall in front of Freeciv21 servers to restrict access and potentially mitigate the impact of malicious packets as mentioned in the overview.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-30T12:00:00Z","date_published":"2024-01-30T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-30-freeciv21-stack-overflow/","summary":"Freeciv21 versions prior to 3.1.1 are vulnerable to a stack overflow when processing specially-crafted packets, allowing a remote attacker to crash public servers or a malicious server to crash a player's game.","title":"Freeciv21 Stack Overflow Vulnerability (CVE-2026-33250)","url":"https://feed.craftedsignal.io/briefs/2024-01-30-freeciv21-stack-overflow/"}],"language":"en","title":"CraftedSignal Threat Feed - Freeciv21","version":"https://jsonfeed.org/version/1.1"}