CyberSec.Space Logo
Back to CVE Browser

CVE-2010-2445

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1510%
EPSS Percentile40.90th
PublishedJul 8, 2010
Last ModifiedApr 29, 2026

Vulnerability Description

freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions.

Affected Platforms (CPE)

πŸ“¦
Freeciv

Freeciv

= 2.2.0
πŸ“¦
Freeciv

Freeciv

= 2.2.0
πŸ“¦
Freeciv

Freeciv

= 2.2.0
πŸ“¦
Freeciv

Freeciv

= 2.2.0
πŸ“¦
Freeciv

Freeciv

= 2.2.0
πŸ“¦
Freeciv

Freeciv

= 2.3.0

References & Advisories

πŸ”— http://gna.org/bugs/?15624
πŸ”— http://packetstormsecurity.com/files/163311/Android-2.0-FreeCIV-Arbitrary-Code-Execution.html
πŸ”— http://www.mandriva.com/security/advisories?name=MDVSA-2010:205
πŸ”— http://www.openwall.com/lists/oss-security/2010/06/09/4
πŸ”— http://www.openwall.com/lists/oss-security/2010/06/24/5
πŸ”— http://www.osvdb.org/65192
πŸ”— http://gna.org/bugs/?15624
πŸ”— http://packetstormsecurity.com/files/163311/Android-2.0-FreeCIV-Arbitrary-Code-Execution.html

Related Vulnerabilities

CVE-2006-39137.5

Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul 2006 and earlier, allows remote attackers to cause a denial of ...

CVE-2012-56457.5

A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote att...

CVE-2012-60837.5

Freeciv before 2.3.3 allows remote attackers to cause a denial of service via a crafted packet.

CVE-2006-00475.0

packets.c in Freeciv 2.0 before 2.0.8 allows remote attackers to cause a denial of service (server crash) via crafted packets with...