CVE-2022-6083: 
Linux openSUSE vulnerability analysis and mitigation

A buffer overflow vulnerability exists in the Modpack Installer utility's handling of modpack URLs in Freeciv versions < 2.6.7 and freeciv-3.0 < 3.0.3. The vulnerability was discovered and disclosed on August 5, 2022, affecting the URL handling functionality in the Modpack Installer component (Freeciv Disclosure).

The vulnerability occurs when specially crafted URLs without any '/' characters are processed, resulting in an underflowing length calculation of (unsigned)(-1). This causes the entire NULL-terminated string given as 'URL' to be written beyond the allocated buffer, leading to a buffer overflow condition (Freeciv Disclosure).

The buffer overflow vulnerability could potentially allow attackers to write data beyond allocated memory boundaries, which might lead to arbitrary code execution or program crashes when processing specially crafted modpack URLs (Freeciv Disclosure).

Users are advised to upgrade to Freeciv version 2.6.7 or freeciv-3.0.3 or later. For those unable to perform a full version update, a patch for this specific issue is available in the bug tracker ticket #45299. The fixed versions can be downloaded from the official Freeciv website (Freeciv Disclosure).