Summary
Detail | |||
---|---|---|---|
Vendor | Openttd | First view | 2009-12-28 |
Product | Openttd | Last view | 2019-11-07 |
Version | 0.7.1 | Type | Application |
Update | rc2 | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:openttd:openttd |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
4.3 | 2019-11-07 | CVE-2012-0049 | OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server. |
4.3 | 2012-08-25 | CVE-2012-0048 | OpenTTD 0.3.5 through 1.1.4 allows remote attackers to cause a denial of service (game pause) by connecting to the server and not finishing the (1) authorization phase or (2) map download, aka a "slow read" attack. |
4.6 | 2011-09-08 | CVE-2011-3343 | Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to cause a denial of service (daemon crash) or possibly gain privileges via (1) a crafted BMP file with RLE compression or (2) crafted dimensions in a BMP file. |
7.5 | 2011-09-08 | CVE-2011-3342 | Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors related to (1) NAME, (2) PLYR, (3) CHTS, or (4) AIPL (aka AI config) chunk loading from a savegame. |
7.5 | 2011-09-08 | CVE-2011-3341 | Multiple off-by-one errors in order_cmd.cpp in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted CMD_INSERT_ORDER command. |
7.5 | 2010-11-17 | CVE-2010-4168 | Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (invalid write and daemon crash) by abruptly disconnecting during transmission of the map from the server, related to network/network_server.cpp; (2) remote attackers to cause a denial of service (invalid read and daemon crash) by abruptly disconnecting, related to network/network_server.cpp; and (3) remote servers to cause a denial of service (invalid read and application crash) by forcing a disconnection during the join process, related to network/network.cpp. |
5 | 2010-07-28 | CVE-2010-2534 | The NetworkSyncCommandQueue function in network/network_command.cpp in OpenTTD before 1.0.3 does not properly clear a pointer in a linked list, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted request, related to the client command queue. |
4 | 2010-05-05 | CVE-2010-0406 | OpenTTD before 1.0.1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and daemon crash) by performing incomplete downloads of the map. |
6.5 | 2010-05-05 | CVE-2010-0402 | OpenTTD before 1.0.1 does not properly validate index values of certain items, which allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted in-game command. |
6.5 | 2010-05-05 | CVE-2010-0401 | OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (daemon crash) by sending a company password packet. |
5 | 2009-12-28 | CVE-2009-4007 | Unspecified vulnerability in the NormaliseTrainConsist function in src/train_cmd.cpp in OpenTTD before 0.7.5-RC1 allows remote attackers to cause a denial of service (daemon crash) via certain game actions involving a wagon and a dual-headed engine. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
30% (3) | CWE-399 | Resource Management Errors |
20% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
10% (1) | CWE-416 | Use After Free |
10% (1) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
10% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
10% (1) | CWE-189 | Numeric Errors |
10% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
75114 | OpenTTD Memory Allocation BMP File Handling Remote Overflow |
75111 | OpenTTD Multiple Chunk Savegame File Handling Remote Overflow |
75110 | OpenTTD order_cmd.cpp CMD_INSERT_ORDER Remote Command Injection |
69502 | OpenTTD Session Disconnection Use-after-free Remote DoS |
66503 | OpenTTD src/network/network_command.cpp NetworkSyncCommandQueue() Infinite Lo... |
64272 | OpenTTD File Descriptor Leak Exhaustion DoS |
64271 | OpenTTD Unspecified Command Handling Remote DoS |
64270 | OpenTTD Password Request Handling Authentication Bypass |
61356 | OpenTTD src/train_cmd.cpp NormaliseTrainConsist Function Remote DoS |
OpenVAS Exploits
id | Description |
---|---|
2012-08-30 | Name : Fedora Update for openttd FEDORA-2012-12198 File : nvt/gb_fedora_2012_12198_openttd_fc16.nasl |
2012-08-10 | Name : Debian Security Advisory DSA 2524-1 (openttd) File : nvt/deb_2524_1.nasl |
2012-04-02 | Name : Fedora Update for openttd FEDORA-2012-0647 File : nvt/gb_fedora_2012_0647_openttd_fc16.nasl |
2012-03-19 | Name : Fedora Update for openttd FEDORA-2011-12945 File : nvt/gb_fedora_2011_12945_openttd_fc16.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201111-03 (ebuild OpenTTD) File : nvt/glsa_201111_03.nasl |
2012-02-12 | Name : FreeBSD Ports: openttd File : nvt/freebsd_openttd4.nasl |
2012-02-11 | Name : Debian Security Advisory DSA 2386-1 (openttd) File : nvt/deb_2386_1.nasl |
2012-02-01 | Name : Fedora Update for openttd FEDORA-2012-0623 File : nvt/gb_fedora_2012_0623_openttd_fc15.nasl |
2011-09-23 | Name : Fedora Update for openttd FEDORA-2011-12975 File : nvt/gb_fedora_2011_12975_openttd_fc14.nasl |
2011-01-24 | Name : FreeBSD Ports: openttd File : nvt/freebsd_openttd0.nasl |
2010-12-28 | Name : Fedora Update for openttd FEDORA-2010-18571 File : nvt/gb_fedora_2010_18571_openttd_fc13.nasl |
2010-12-28 | Name : Fedora Update for openttd FEDORA-2010-18572 File : nvt/gb_fedora_2010_18572_openttd_fc14.nasl |
2010-11-30 | Name : OpenTTD Multiple use-after-free Denial of Service vulnerability File : nvt/gb_openttd_mult_use_after_free_dos_vuln.nasl |
2010-10-10 | Name : FreeBSD Ports: openttd File : nvt/freebsd_openttd.nasl |
2010-08-02 | Name : OpenTTD 'NetworkSyncCommandQueue()' Denial of Service Vulnerability File : nvt/secpod_openttd_dos_vuln.nasl |
2010-07-30 | Name : Fedora Update for openttd FEDORA-2010-11450 File : nvt/gb_fedora_2010_11450_openttd_fc12.nasl |
2010-07-30 | Name : Fedora Update for openttd FEDORA-2010-11401 File : nvt/gb_fedora_2010_11401_openttd_fc13.nasl |
2010-05-13 | Name : OpenTTD Multiple Security bypass vulnerabilities File : nvt/gb_openttd_mult_sec_bypass_vuln.nasl |
2010-05-07 | Name : Fedora Update for openttd FEDORA-2010-7800 File : nvt/gb_fedora_2010_7800_openttd_fc12.nasl |
2010-05-07 | Name : Fedora Update for openttd FEDORA-2010-7885 File : nvt/gb_fedora_2010_7885_openttd_fc11.nasl |
2010-03-02 | Name : Fedora Update for openttd FEDORA-2010-0144 File : nvt/gb_fedora_2010_0144_openttd_fc11.nasl |
2010-03-02 | Name : Fedora Update for openttd FEDORA-2010-0135 File : nvt/gb_fedora_2010_0135_openttd_fc12.nasl |
0000-00-00 | Name : FreeBSD Ports: openttd File : nvt/freebsd_openttd3.nasl |
0000-00-00 | Name : FreeBSD Ports: openttd File : nvt/freebsd_openttd2.nasl |
0000-00-00 | Name : FreeBSD Ports: openttd File : nvt/freebsd_openttd1.nasl |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2012-08-07 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2524.nasl - Type: ACT_GATHER_INFO |
2012-01-30 | Name: The remote Fedora host is missing a security update. File: fedora_2012-0647.nasl - Type: ACT_GATHER_INFO |
2012-01-30 | Name: The remote Fedora host is missing a security update. File: fedora_2012-0623.nasl - Type: ACT_GATHER_INFO |
2012-01-18 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_1ac858b03fae11e1a1270013d3ccd9df.nasl - Type: ACT_GATHER_INFO |
2012-01-12 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2386.nasl - Type: ACT_GATHER_INFO |
2011-11-14 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201111-03.nasl - Type: ACT_GATHER_INFO |
2011-10-17 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_78c25ed7f3f911e08b5cb482fe3f522d.nasl - Type: ACT_GATHER_INFO |
2011-10-17 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_9bad5ab1f3f611e08b5cb482fe3f522d.nasl - Type: ACT_GATHER_INFO |
2011-10-17 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_e77befb5f3f911e08b5cb482fe3f522d.nasl - Type: ACT_GATHER_INFO |
2011-10-03 | Name: The remote Fedora host is missing a security update. File: fedora_2011-12945.nasl - Type: ACT_GATHER_INFO |
2011-09-20 | Name: The remote Fedora host is missing a security update. File: fedora_2011-12975.nasl - Type: ACT_GATHER_INFO |
2010-12-14 | Name: The remote Fedora host is missing a security update. File: fedora_2010-18571.nasl - Type: ACT_GATHER_INFO |
2010-12-14 | Name: The remote Fedora host is missing a security update. File: fedora_2010-18572.nasl - Type: ACT_GATHER_INFO |
2010-11-24 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_373e412ef74811df96cd0015f2db7bde.nasl - Type: ACT_GATHER_INFO |
2010-08-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_b6069837aadc11df82df0015f2db7bde.nasl - Type: ACT_GATHER_INFO |
2010-07-27 | Name: The remote Fedora host is missing a security update. File: fedora_2010-11450.nasl - Type: ACT_GATHER_INFO |
2010-07-27 | Name: The remote Fedora host is missing a security update. File: fedora_2010-11401.nasl - Type: ACT_GATHER_INFO |
2010-07-01 | Name: The remote Fedora host is missing a security update. File: fedora_2010-7800.nasl - Type: ACT_GATHER_INFO |
2010-07-01 | Name: The remote Fedora host is missing a security update. File: fedora_2010-7885.nasl - Type: ACT_GATHER_INFO |
2010-07-01 | Name: The remote Fedora host is missing a security update. File: fedora_2010-7895.nasl - Type: ACT_GATHER_INFO |
2010-07-01 | Name: The remote Fedora host is missing a security update. File: fedora_2010-0144.nasl - Type: ACT_GATHER_INFO |
2010-07-01 | Name: The remote Fedora host is missing a security update. File: fedora_2010-0135.nasl - Type: ACT_GATHER_INFO |