<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Cve-2026-33250 - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/cve-2026-33250/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Tue, 30 Jan 2024 12:00:00 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/cve-2026-33250/feed.xml" rel="self" type="application/rss+xml"/><item><title>Freeciv21 Stack Overflow Vulnerability (CVE-2026-33250)</title><link>https://feed.craftedsignal.io/briefs/2024-01-30-freeciv21-stack-overflow/</link><pubDate>Tue, 30 Jan 2024 12:00:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2024-01-30-freeciv21-stack-overflow/</guid><description>Freeciv21 versions prior to 3.1.1 are vulnerable to a stack overflow when processing specially-crafted packets, allowing a remote attacker to crash public servers or a malicious server to crash a player's game.</description><content:encoded><![CDATA[<p>Freeciv21, a free and open-source turn-based strategy game, is susceptible to a critical stack overflow vulnerability (CVE-2026-33250) in versions prior to 3.1.1. This flaw arises from the improper handling of specially-crafted network packets. An unauthenticated remote attacker can leverage this vulnerability to trigger a denial-of-service (DoS) condition by crashing public Freeciv21 servers. Alternatively, a malicious Freeciv21 server can exploit this vulnerability to crash the game client running on a player's machine. The default logging configuration does not provide sufficient information to effectively diagnose or investigate exploitation attempts. Users are advised to upgrade to Freeciv21 version 3.1.1 to remediate this vulnerability. Implementing a firewall to protect non-public servers is also recommended as a mitigation strategy. Local games, which restrict connections to the current user, are not affected by this vulnerability.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>Attacker identifies a vulnerable Freeciv21 server running a version prior to 3.1.1.</li>
<li>Attacker crafts a malicious network packet designed to trigger a stack overflow.</li>
<li>Attacker sends the specially-crafted packet to the vulnerable Freeciv21 server.</li>
<li>The Freeciv21 server processes the malicious packet, leading to a stack overflow.</li>
<li>The stack overflow corrupts the server's memory, causing the server application to crash.</li>
<li>(Alternative) A player connects to a malicious Freeciv21 server.</li>
<li>The malicious server sends a specially-crafted packet to the player's Freeciv21 client.</li>
<li>The client processes the packet, causing a stack overflow and crashing the game on the player's machine, resulting in a denial-of-service condition for the player.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of this vulnerability can lead to a denial-of-service condition. For public Freeciv21 servers, this means the server becomes unavailable to legitimate players, disrupting gameplay and potentially impacting the server's reputation. If exploited against a player's client, it crashes the game, causing frustration and loss of progress. The number of affected servers and players depends on the adoption rate of the vulnerable Freeciv21 versions.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Upgrade all Freeciv21 server and client installations to version 3.1.1 to patch CVE-2026-33250.</li>
<li>Deploy the Sigma rule <code>Detect Suspicious Network Traffic to Freeciv21 Server</code> to identify potentially malicious packets sent to Freeciv21 servers.</li>
<li>Implement a firewall in front of Freeciv21 servers to restrict access and potentially mitigate the impact of malicious packets as mentioned in the overview.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>freeciv21</category><category>stack-overflow</category><category>denial-of-service</category><category>cve-2026-33250</category><category>linux</category></item></channel></rss>