RSS   Vulnerabilities for 'Freedroidrpg'   RSS

2020-06-23
 
CVE-2020-14939

CWE-20
 

 
An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc2. Saved game files are composed of Lua scripts that recover a game's state. A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading.

 
 
CVE-2020-14938

CWE-787
 

 
An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes lengths of data sets read from saved game files. It copies data from a file into a fixed-size heap-allocated buffer without size verification, leading to a heap-based buffer overflow.

 


Copyright 2024, cxsecurity.com

 

Back to Top