This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Openttd First view 2009-12-28
Product Openttd Last view 2019-11-07
Version 0.7.1 Type Application
Update rc2  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:openttd:openttd

Activity : Overall

Related : CVE

  Date Alert Description
4.3 2019-11-07 CVE-2012-0049

OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server.
4.3 2012-08-25 CVE-2012-0048

OpenTTD 0.3.5 through 1.1.4 allows remote attackers to cause a denial of service (game pause) by connecting to the server and not finishing the (1) authorization phase or (2) map download, aka a "slow read" attack.
4.6 2011-09-08 CVE-2011-3343

Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to cause a denial of service (daemon crash) or possibly gain privileges via (1) a crafted BMP file with RLE compression or (2) crafted dimensions in a BMP file.
7.5 2011-09-08 CVE-2011-3342

Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors related to (1) NAME, (2) PLYR, (3) CHTS, or (4) AIPL (aka AI config) chunk loading from a savegame.
7.5 2011-09-08 CVE-2011-3341

Multiple off-by-one errors in order_cmd.cpp in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted CMD_INSERT_ORDER command.
7.5 2010-11-17 CVE-2010-4168

Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (invalid write and daemon crash) by abruptly disconnecting during transmission of the map from the server, related to network/network_server.cpp; (2) remote attackers to cause a denial of service (invalid read and daemon crash) by abruptly disconnecting, related to network/network_server.cpp; and (3) remote servers to cause a denial of service (invalid read and application crash) by forcing a disconnection during the join process, related to network/network.cpp.
5 2010-07-28 CVE-2010-2534

The NetworkSyncCommandQueue function in network/network_command.cpp in OpenTTD before 1.0.3 does not properly clear a pointer in a linked list, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted request, related to the client command queue.
4 2010-05-05 CVE-2010-0406

OpenTTD before 1.0.1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and daemon crash) by performing incomplete downloads of the map.
6.5 2010-05-05 CVE-2010-0402

OpenTTD before 1.0.1 does not properly validate index values of certain items, which allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted in-game command.
6.5 2010-05-05 CVE-2010-0401

OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (daemon crash) by sending a company password packet.
5 2009-12-28 CVE-2009-4007

Unspecified vulnerability in the NormaliseTrainConsist function in src/train_cmd.cpp in OpenTTD before 0.7.5-RC1 allows remote attackers to cause a denial of service (daemon crash) via certain game actions involving a wagon and a dual-headed engine.

CWE : Common Weakness Enumeration

%idName
30% (3) CWE-399 Resource Management Errors
20% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
10% (1) CWE-416 Use After Free
10% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
10% (1) CWE-264 Permissions, Privileges, and Access Controls
10% (1) CWE-189 Numeric Errors
10% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')

Open Source Vulnerability Database (OSVDB)

id Description
75114 OpenTTD Memory Allocation BMP File Handling Remote Overflow
75111 OpenTTD Multiple Chunk Savegame File Handling Remote Overflow
75110 OpenTTD order_cmd.cpp CMD_INSERT_ORDER Remote Command Injection
69502 OpenTTD Session Disconnection Use-after-free Remote DoS
66503 OpenTTD src/network/network_command.cpp NetworkSyncCommandQueue() Infinite Lo...
64272 OpenTTD File Descriptor Leak Exhaustion DoS
64271 OpenTTD Unspecified Command Handling Remote DoS
64270 OpenTTD Password Request Handling Authentication Bypass
61356 OpenTTD src/train_cmd.cpp NormaliseTrainConsist Function Remote DoS

OpenVAS Exploits

id Description
2012-08-30 Name : Fedora Update for openttd FEDORA-2012-12198
File : nvt/gb_fedora_2012_12198_openttd_fc16.nasl
2012-08-10 Name : Debian Security Advisory DSA 2524-1 (openttd)
File : nvt/deb_2524_1.nasl
2012-04-02 Name : Fedora Update for openttd FEDORA-2012-0647
File : nvt/gb_fedora_2012_0647_openttd_fc16.nasl
2012-03-19 Name : Fedora Update for openttd FEDORA-2011-12945
File : nvt/gb_fedora_2011_12945_openttd_fc16.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201111-03 (ebuild OpenTTD)
File : nvt/glsa_201111_03.nasl
2012-02-12 Name : FreeBSD Ports: openttd
File : nvt/freebsd_openttd4.nasl
2012-02-11 Name : Debian Security Advisory DSA 2386-1 (openttd)
File : nvt/deb_2386_1.nasl
2012-02-01 Name : Fedora Update for openttd FEDORA-2012-0623
File : nvt/gb_fedora_2012_0623_openttd_fc15.nasl
2011-09-23 Name : Fedora Update for openttd FEDORA-2011-12975
File : nvt/gb_fedora_2011_12975_openttd_fc14.nasl
2011-01-24 Name : FreeBSD Ports: openttd
File : nvt/freebsd_openttd0.nasl
2010-12-28 Name : Fedora Update for openttd FEDORA-2010-18571
File : nvt/gb_fedora_2010_18571_openttd_fc13.nasl
2010-12-28 Name : Fedora Update for openttd FEDORA-2010-18572
File : nvt/gb_fedora_2010_18572_openttd_fc14.nasl
2010-11-30 Name : OpenTTD Multiple use-after-free Denial of Service vulnerability
File : nvt/gb_openttd_mult_use_after_free_dos_vuln.nasl
2010-10-10 Name : FreeBSD Ports: openttd
File : nvt/freebsd_openttd.nasl
2010-08-02 Name : OpenTTD 'NetworkSyncCommandQueue()' Denial of Service Vulnerability
File : nvt/secpod_openttd_dos_vuln.nasl
2010-07-30 Name : Fedora Update for openttd FEDORA-2010-11450
File : nvt/gb_fedora_2010_11450_openttd_fc12.nasl
2010-07-30 Name : Fedora Update for openttd FEDORA-2010-11401
File : nvt/gb_fedora_2010_11401_openttd_fc13.nasl
2010-05-13 Name : OpenTTD Multiple Security bypass vulnerabilities
File : nvt/gb_openttd_mult_sec_bypass_vuln.nasl
2010-05-07 Name : Fedora Update for openttd FEDORA-2010-7800
File : nvt/gb_fedora_2010_7800_openttd_fc12.nasl
2010-05-07 Name : Fedora Update for openttd FEDORA-2010-7885
File : nvt/gb_fedora_2010_7885_openttd_fc11.nasl
2010-03-02 Name : Fedora Update for openttd FEDORA-2010-0144
File : nvt/gb_fedora_2010_0144_openttd_fc11.nasl
2010-03-02 Name : Fedora Update for openttd FEDORA-2010-0135
File : nvt/gb_fedora_2010_0135_openttd_fc12.nasl
0000-00-00 Name : FreeBSD Ports: openttd
File : nvt/freebsd_openttd3.nasl
0000-00-00 Name : FreeBSD Ports: openttd
File : nvt/freebsd_openttd2.nasl
0000-00-00 Name : FreeBSD Ports: openttd
File : nvt/freebsd_openttd1.nasl

Nessus® Vulnerability Scanner

id Description
2012-08-07 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2524.nasl - Type: ACT_GATHER_INFO
2012-01-30 Name: The remote Fedora host is missing a security update.
File: fedora_2012-0647.nasl - Type: ACT_GATHER_INFO
2012-01-30 Name: The remote Fedora host is missing a security update.
File: fedora_2012-0623.nasl - Type: ACT_GATHER_INFO
2012-01-18 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_1ac858b03fae11e1a1270013d3ccd9df.nasl - Type: ACT_GATHER_INFO
2012-01-12 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2386.nasl - Type: ACT_GATHER_INFO
2011-11-14 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201111-03.nasl - Type: ACT_GATHER_INFO
2011-10-17 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_78c25ed7f3f911e08b5cb482fe3f522d.nasl - Type: ACT_GATHER_INFO
2011-10-17 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_9bad5ab1f3f611e08b5cb482fe3f522d.nasl - Type: ACT_GATHER_INFO
2011-10-17 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_e77befb5f3f911e08b5cb482fe3f522d.nasl - Type: ACT_GATHER_INFO
2011-10-03 Name: The remote Fedora host is missing a security update.
File: fedora_2011-12945.nasl - Type: ACT_GATHER_INFO
2011-09-20 Name: The remote Fedora host is missing a security update.
File: fedora_2011-12975.nasl - Type: ACT_GATHER_INFO
2010-12-14 Name: The remote Fedora host is missing a security update.
File: fedora_2010-18571.nasl - Type: ACT_GATHER_INFO
2010-12-14 Name: The remote Fedora host is missing a security update.
File: fedora_2010-18572.nasl - Type: ACT_GATHER_INFO
2010-11-24 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_373e412ef74811df96cd0015f2db7bde.nasl - Type: ACT_GATHER_INFO
2010-08-23 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_b6069837aadc11df82df0015f2db7bde.nasl - Type: ACT_GATHER_INFO
2010-07-27 Name: The remote Fedora host is missing a security update.
File: fedora_2010-11450.nasl - Type: ACT_GATHER_INFO
2010-07-27 Name: The remote Fedora host is missing a security update.
File: fedora_2010-11401.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-7800.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-7885.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-7895.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-0144.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-0135.nasl - Type: ACT_GATHER_INFO