返回 CVE 浏览器

CVE-2010-2445

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1510%

EPSS Percentile40.90th

Published2010年7月8日

Last Modified2026年4月29日

Vulnerability Description

freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions.

Affected Platforms (CPE)

📦

Freeciv

Freeciv

= 2.2.0

📦

Freeciv

Freeciv

= 2.2.0

📦

Freeciv

Freeciv

= 2.2.0

📦

Freeciv

Freeciv

= 2.2.0

📦

Freeciv

Freeciv

= 2.2.0

📦

Freeciv

Freeciv

= 2.3.0

References & Advisories

🔗 http://gna.org/bugs/?15624

🔗 http://packetstormsecurity.com/files/163311/Android-2.0-FreeCIV-Arbitrary-Code-Execution.html

🔗 http://www.mandriva.com/security/advisories?name=MDVSA-2010:205

🔗 http://www.openwall.com/lists/oss-security/2010/06/09/4

🔗 http://www.openwall.com/lists/oss-security/2010/06/24/5

🔗 http://www.osvdb.org/65192

🔗 http://gna.org/bugs/?15624

🔗 http://packetstormsecurity.com/files/163311/Android-2.0-FreeCIV-Arbitrary-Code-Execution.html

相关漏洞威胁

CVE-2006-39137.5

Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul 2006 and earlier, allows remote attackers to cause a denial of ...

CVE-2012-56457.5

A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote att...

CVE-2012-60837.5

Freeciv before 2.3.3 allows remote attackers to cause a denial of service via a crafted packet.

CVE-2006-00475.0

packets.c in Freeciv 2.0 before 2.0.8 allows remote attackers to cause a denial of service (server crash) via crafted packets with...