Description

Freeciv21 is a free open source, turn-based, empire-building strategy game. Versions prior to 3.1.1 crash with a stack overflow when receiving specially-crafted packets. A remote attacker can use this to take down any public server. A malicious server can use this to crash the game on the player's machine. Authentication is not needed and, by default, logs do not contain any useful information. All users should upgrade to Freeciv21 version 3.1.1. Running the server behind a firewall can help mitigate the issue for non-public servers. For local games, Freeciv21 restricts connections to the current user and is therefore not affected.

INFO

Published Date :

2026-03-23T23:38:02.070Z

Last Modified :

2026-03-24T13:36:23.980Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-33250 vulnerability.

Vendors Products
Longturn
  • Freeciv21
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-33250.

URL Resource
https://github.com/longturn/freeciv21/commit/ad8e18ca22595529599782b2984bf44df8d69ed6 cve-icon cve-icon
https://github.com/longturn/freeciv21/releases/tag/v3.1.1 cve-icon cve-icon
https://github.com/longturn/freeciv21/security/advisories/GHSA-f76g-6w3f-f6r3 cve-icon cve-icon
https://redmine.freeciv.org/issues/1955 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact