Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

battle_for_wesnoth

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

3
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2015-5069
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.78% / 72.74%
||
7 Day CHG~0.00%
Published-26 Sep, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML.

Action-Not Available
Vendor-wesnothn/aFedora Project
Product-fedorabattle_for_wesnothn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-5070
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-3.1||LOW
EPSS-0.66% / 70.19%
||
7 Day CHG~0.00%
Published-26 Sep, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069.

Action-Not Available
Vendor-wesnothn/aFedora Project
Product-fedorabattle_for_wesnothn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-0844
Assigner-Debian GNU/Linux
ShareView Details
Assigner-Debian GNU/Linux
CVSS Score-5||MEDIUM
EPSS-0.65% / 69.93%
||
7 Day CHG~0.00%
Published-14 Apr, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file.

Action-Not Available
Vendor-wesnothn/aFedora Project
Product-battle_for_wesnothfedoran/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor