Issue967

Title CVE-2020-14939: An issue was discovered in savestruct_internal.c
Priority release-blocker Status open
Assigned To fluzz Keywords
Linked issues CVE-2020-14938: An issue was discovered in map.c, Lua code execution in loading untrusted save game
View: 968, 953
Watchers fluzz

Submitted on 2020-06-26 06h41 by Snark, last changed by fluzz.

Messages
Author: Snark Date: 2020-06-26   06h41
This bug was reported against the Debian package, but is an upstream issue :

Saved game files are composed of Lua scripts that recover a game's state. A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading.
Author: fluzz Date: 2020-06-29   13h42
"A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading."

That's true. But it is also true with the data files. They also contain Lua scripts... What's the real threat here ????
Author: fluzz Date: 2020-06-29   13h52
relates to issue953
Author: jesusalva Date: 2020-06-29   19h50
I guess it Depends on what capabilities 
this lua code haves. It is not harmful 
unless it can access system I/O or break 
the "sandbox".
History
Date User Action Args
2021-11-13 22:33:14fluzzlinkissue968 linked
2021-11-13 22:33:03fluzzsetlinked: + CVE-2020-14938: An issue was discovered in map.c
2021-11-13 16:49:55fluzzsetlinked: + Lua code execution in loading untrusted save game
2021-11-13 16:49:52fluzzlinkissue953 linked
2021-11-05 13:18:59fluzzsetassignedto: fluzz
nosy: + fluzz
2021-11-05 10:53:35fluzzsetpriority: important -> release-blocker
2020-06-29 19:50:58jesusalvasetmessages: + msg3697
2020-06-29 13:52:30fluzzsetmessages: + msg3695
2020-06-29 13:42:11fluzzsetmessages: + msg3691
2020-06-26 06:41:08Snarkcreate