Описание
An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc2. Saved game files are composed of Lua scripts that recover a game's state. A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| freedroidrpg | fixed | 1.0-1 | package | |
| freedroidrpg | no-dsa | bullseye | package | |
| freedroidrpg | no-dsa | buster | package | |
| freedroidrpg | no-dsa | stretch | package | |
| freedroidrpg | end-of-life | jessie | package |
Примечания
https://bugs.freedroid.org/b/issue953
https://bugs.freedroid.org/b/issue967
https://logicaltrust.net/blog/2020/02/freedroid.html
Связанные уязвимости
An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc2. Saved game files are composed of Lua scripts that recover a game's state. A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading.
An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc2. Saved game files are composed of Lua scripts that recover a game's state. A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading.
An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc2. Saved game files are composed of Lua scripts that recover a game's state. A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading.