High severity8.8NVD Advisory· Published Jul 23, 2018· Updated Jun 17, 2026

CVE-2018-1999023

Description

The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appear to be exploitable via Loading specially-crafted saved games, networked games, replays, and player content.

Affected products

Battle For Wesnoth/Battle for Wesnothllm-create
Range: >=1.7.0, <=1.14.3
osv-coords
pkg:rpm/opensuse/wesnoth&distro=openSUSE%20Tumbleweed
Range: < 1.15.17-1.3

Patches

Vulnerability mechanics

References

gist.github.com/shikadiqueen/45951ddc981cf8e0d9a74e4b30400380nvdPatchThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000