Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openttd | openttd | 0.1.3 |
| openttd | openttd | 0.3.4 |
| openttd | openttd | 0.3.1 |
| openttd | openttd | 0.3.5 |
| openttd | openttd | 0.1.2 |
| openttd | openttd | 0.3.3 |
| openttd | openttd | 0.3.6 |
| openttd | openttd | 0.3.2 |
| openttd | openttd | 0.4.0 |
| openttd | openttd | 0.3.2.1 |
| openttd | openttd | 0.1.1 |
| openttd | openttd | 0.2.0 |
| openttd | openttd | 0.1.4 |
| openttd | openttd | 0.3.0 |
| openttd | openttd | 0.2.1 |
Multiple buffer overflows in OpenTTD before 0.4.0.1 allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openttd | openttd | 0.4.0.1 |
OpenTTD 0.4.7 and earlier allows local users to cause a denial of service (application exit) via a large invalid error number, which triggers an error.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openttd | openttd | 0.1.3 |
| openttd | openttd | 0.3.4 |
| openttd | openttd | 0.4.0.1 |
| openttd | openttd | 0.3.1 |
| openttd | openttd | 0.3.5 |
| openttd | openttd | 0.1.2 |
| openttd | openttd | 0.3.6 |
| openttd | openttd | 0.4.5 |
| openttd | openttd | 0.4.7 |
| openttd | openttd | 0.3.2 |
| openttd | openttd | 0.4.0 |
| openttd | openttd | 0.3.2.1 |
| openttd | openttd | 0.1.1 |
| openttd | openttd | 0.2.0 |
| openttd | openttd | 0.1.4 |
| openttd | openttd | 0.3.0 |
| openttd | openttd | 0.4.6 |
| openttd | openttd | 0.3.7 |
| openttd | openttd | 0.2.1 |
The multiplayer menu in OpenTTD 0.4.7 allows remote attackers to cause a denial of service via a UDP packet with an incorrect size, which causes the client to return to the main menu.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openttd | openttd | 0.4.7 |
OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (daemon crash) by sending a company password packet.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openttd | openttd | 0.1.3 |
| openttd | openttd | 0.4.0.1 |
| openttd | openttd | 0.3.1 |
| openttd | openttd | 0.3.6 |
| openttd | openttd | 0.4.5 |
| openttd | openttd | 0.4.7 |
| openttd | openttd | 0.3.2 |
| openttd | openttd | * |
| openttd | openttd | 0.4.0 |
| openttd | openttd | 0.3.2.1 |
| openttd | openttd | 0.6.0 |
| openttd | openttd | 0.1.1 |
| openttd | openttd | 0.2.0 |
| openttd | openttd | 0.1.4 |
| openttd | openttd | 0.3.0 |
| openttd | openttd | 0.5.2 |
| openttd | openttd | 0.6.2 |
| openttd | openttd | 0.5.3 |
| openttd | openttd | 0.3.4 |
| openttd | openttd | 0.3.5 |
| openttd | openttd | 0.5.1 |
| openttd | openttd | 0.6.1 |
| openttd | openttd | 0.4.8 |
| openttd | openttd | 0.1.2 |
| openttd | openttd | 0.3.3 |
| openttd | openttd | 0.5.0 |
| openttd | openttd | 0.7.4 |
| openttd | openttd | 0.4.6 |
| openttd | openttd | 0.3.7 |
| openttd | openttd | 0.2.1 |
OpenTTD before 1.0.1 does not properly validate index values of certain items, which allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted in-game command.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openttd | openttd | 0.1.3 |
| openttd | openttd | 0.4.0.1 |
| openttd | openttd | 0.3.1 |
| openttd | openttd | 0.3.6 |
| openttd | openttd | 0.4.5 |
| openttd | openttd | 0.4.7 |
| openttd | openttd | 0.3.2 |
| openttd | openttd | * |
| openttd | openttd | 0.4.0 |
| openttd | openttd | 0.3.2.1 |
| openttd | openttd | 0.6.0 |
| openttd | openttd | 0.1.1 |
| openttd | openttd | 0.2.0 |
| openttd | openttd | 0.1.4 |
| openttd | openttd | 0.3.0 |
| openttd | openttd | 0.5.2 |
| openttd | openttd | 0.6.2 |
| openttd | openttd | 0.5.3 |
| openttd | openttd | 0.3.4 |
| openttd | openttd | 0.3.5 |
| openttd | openttd | 0.5.1 |
| openttd | openttd | 0.6.1 |
| openttd | openttd | 0.4.8 |
| openttd | openttd | 0.1.2 |
| openttd | openttd | 0.3.3 |
| openttd | openttd | 0.5.0 |
| openttd | openttd | 0.7.4 |
| openttd | openttd | 0.4.6 |
| openttd | openttd | 0.3.7 |
| openttd | openttd | 0.2.1 |
OpenTTD before 1.0.1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and daemon crash) by performing incomplete downloads of the map.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openttd | openttd | 0.1.3 |
| openttd | openttd | 0.4.0.1 |
| openttd | openttd | 0.3.1 |
| openttd | openttd | 0.3.6 |
| openttd | openttd | 0.4.5 |
| openttd | openttd | 0.4.7 |
| openttd | openttd | 0.3.2 |
| openttd | openttd | * |
| openttd | openttd | 0.4.0 |
| openttd | openttd | 0.3.2.1 |
| openttd | openttd | 0.6.0 |
| openttd | openttd | 0.1.1 |
| openttd | openttd | 0.2.0 |
| openttd | openttd | 0.1.4 |
| openttd | openttd | 0.3.0 |
| openttd | openttd | 0.5.2 |
| openttd | openttd | 0.6.2 |
| openttd | openttd | 0.5.3 |
| openttd | openttd | 0.3.4 |
| openttd | openttd | 0.3.5 |
| openttd | openttd | 0.5.1 |
| openttd | openttd | 0.6.1 |
| openttd | openttd | 0.4.8 |
| openttd | openttd | 0.1.2 |
| openttd | openttd | 0.3.3 |
| openttd | openttd | 0.5.0 |
| openttd | openttd | 0.7.4 |
| openttd | openttd | 0.4.6 |
| openttd | openttd | 0.3.7 |
| openttd | openttd | 0.2.1 |
The NetworkSyncCommandQueue function in network/network_command.cpp in OpenTTD before 1.0.3 does not properly clear a pointer in a linked list, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted request, related to the client command queue.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openttd | openttd | 0.6.3 |
| openttd | openttd | 0.1.3 |
| openttd | openttd | 0.4.0.1 |
| openttd | openttd | 1.0.1 |
| openttd | openttd | 0.3.1 |
| openttd | openttd | 0.7.2 |
| openttd | openttd | 1.0.0 |
| openttd | openttd | 0.3.6 |
| openttd | openttd | 0.7.0 |
| openttd | openttd | 0.4.5 |
| openttd | openttd | 1.0.2 |
| openttd | openttd | 0.4.7 |
| openttd | openttd | 0.3.2 |
| openttd | openttd | 0.4.0 |
| openttd | openttd | 0.3.2.1 |
| openttd | openttd | 0.6.0 |
| openttd | openttd | 0.1.1 |
| openttd | openttd | 0.2.0 |
| openttd | openttd | 0.1.4 |
| openttd | openttd | 0.3.0 |
| openttd | openttd | 0.5.2 |
| openttd | openttd | 0.7.5 |
| openttd | openttd | 0.6.2 |
| openttd | openttd | 0.5.3 |
| openttd | openttd | 0.3.4 |
| openttd | openttd | 0.3.5 |
| openttd | openttd | 0.5.1 |
| openttd | openttd | 0.6.1 |
| openttd | openttd | 0.7.3 |
| openttd | openttd | 0.4.8 |
| openttd | openttd | 0.1.2 |
| openttd | openttd | 0.3.3 |
| openttd | openttd | 1.0.3 |
| openttd | openttd | 0.5.0 |
| openttd | openttd | 0.7.1 |
| openttd | openttd | 0.7.4 |
| openttd | openttd | 0.4.6 |
| openttd | openttd | 0.3.7 |
| openttd | openttd | 0.2.1 |
Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (invalid write and daemon crash) by abruptly disconnecting during transmission of the map from the server, related to network/network_server.cpp; (2) remote attackers to cause a denial of service (invalid read and daemon crash) by abruptly disconnecting, related to network/network_server.cpp; and (3) remote servers to cause a denial of service (invalid read and application crash) by forcing a disconnection during the join process, related to network/network.cpp.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 13 |
| openttd | openttd | * |
| fedoraproject | fedora | 14 |
Multiple off-by-one errors in order_cmd.cpp in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted CMD_INSERT_ORDER command.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openttd | openttd | 0.6.3 |
| openttd | openttd | 0.1.3 |
| openttd | openttd | 0.4.0.1 |
| openttd | openttd | 1.0.1 |
| openttd | openttd | 0.3.1 |
| openttd | openttd | 0.7.2 |
| openttd | openttd | 1.0.0 |
| openttd | openttd | 1.0.5 |
| openttd | openttd | 0.3.6 |
| openttd | openttd | 0.7.0 |
| openttd | openttd | 0.4.5 |
| openttd | openttd | 1.0.2 |
| openttd | openttd | 0.4.7 |
| openttd | openttd | 0.3.2 |
| openttd | openttd | * |
| openttd | openttd | 0.4.0 |
| openttd | openttd | 0.3.2.1 |
| openttd | openttd | 0.6.0 |
| openttd | openttd | 0.1.1 |
| openttd | openttd | 0.2.0 |
| openttd | openttd | 0.1.4 |
| openttd | openttd | 0.3.0 |
| openttd | openttd | 0.5.2 |
| openttd | openttd | 0.7.5 |
| openttd | openttd | 1.1.0 |
| openttd | openttd | 0.6.2 |
| openttd | openttd | 0.5.3 |
| openttd | openttd | 0.3.4 |
| openttd | openttd | 0.3.5 |
| openttd | openttd | 0.5.1 |
| openttd | openttd | 0.6.1 |
| openttd | openttd | 1.1.2 |
| openttd | openttd | 0.7.3 |
| openttd | openttd | 1.0.4 |
| openttd | openttd | 0.4.8 |
| openttd | openttd | 0.1.2 |
| openttd | openttd | 0.3.3 |
| openttd | openttd | 1.0.3 |
| openttd | openttd | 0.5.0 |
| openttd | openttd | 0.7.1 |
| openttd | openttd | 0.7.4 |
| openttd | openttd | 1.1.1 |
| openttd | openttd | 0.4.6 |
| openttd | openttd | 0.3.7 |
| openttd | openttd | 0.2.1 |
Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors related to (1) NAME, (2) PLYR, (3) CHTS, or (4) AIPL (aka AI config) chunk loading from a savegame.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openttd | openttd | 0.6.3 |
| openttd | openttd | 0.1.3 |
| openttd | openttd | 0.4.0.1 |
| openttd | openttd | 1.0.1 |
| openttd | openttd | 0.3.1 |
| openttd | openttd | 0.7.2 |
| openttd | openttd | 1.0.0 |
| openttd | openttd | 1.0.5 |
| openttd | openttd | 0.3.6 |
| openttd | openttd | 0.7.0 |
| openttd | openttd | 0.4.5 |
| openttd | openttd | 1.0.2 |
| openttd | openttd | 0.4.7 |
| openttd | openttd | 0.3.2 |
| openttd | openttd | * |
| openttd | openttd | 0.4.0 |
| openttd | openttd | 0.3.2.1 |
| openttd | openttd | 0.6.0 |
| openttd | openttd | 0.1.1 |
| openttd | openttd | 0.2.0 |
| openttd | openttd | 0.1.4 |
| openttd | openttd | 0.3.0 |
| openttd | openttd | 0.5.2 |
| openttd | openttd | 0.7.5 |
| openttd | openttd | 1.1.0 |
| openttd | openttd | 0.6.2 |
| openttd | openttd | 0.5.3 |
| openttd | openttd | 0.3.4 |
| openttd | openttd | 0.3.5 |
| openttd | openttd | 0.5.1 |
| openttd | openttd | 0.6.1 |
| openttd | openttd | 1.1.2 |
| openttd | openttd | 0.7.3 |
| openttd | openttd | 1.0.4 |
| openttd | openttd | 0.4.8 |
| openttd | openttd | 0.1.2 |
| openttd | openttd | 0.3.3 |
| openttd | openttd | 1.0.3 |
| openttd | openttd | 0.5.0 |
| openttd | openttd | 0.7.1 |
| openttd | openttd | 0.7.4 |
| openttd | openttd | 1.1.1 |
| openttd | openttd | 0.4.6 |
| openttd | openttd | 0.3.7 |
| openttd | openttd | 0.2.1 |
Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to cause a denial of service (daemon crash) or possibly gain privileges via (1) a crafted BMP file with RLE compression or (2) crafted dimensions in a BMP file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openttd | openttd | 0.6.3 |
| openttd | openttd | 0.1.3 |
| openttd | openttd | 0.4.0.1 |
| openttd | openttd | 1.0.1 |
| openttd | openttd | 0.3.1 |
| openttd | openttd | 0.7.2 |
| openttd | openttd | 1.0.0 |
| openttd | openttd | 1.0.5 |
| openttd | openttd | 0.3.6 |
| openttd | openttd | 0.7.0 |
| openttd | openttd | 0.4.5 |
| openttd | openttd | 1.0.2 |
| openttd | openttd | 0.4.7 |
| openttd | openttd | 0.3.2 |
| openttd | openttd | * |
| openttd | openttd | 0.4.0 |
| openttd | openttd | 0.3.2.1 |
| openttd | openttd | 0.6.0 |
| openttd | openttd | 0.1.1 |
| openttd | openttd | 0.2.0 |
| openttd | openttd | 0.1.4 |
| openttd | openttd | 0.3.0 |
| openttd | openttd | 0.5.2 |
| openttd | openttd | 0.7.5 |
| openttd | openttd | 1.1.0 |
| openttd | openttd | 0.6.2 |
| openttd | openttd | 0.5.3 |
| openttd | openttd | 0.3.4 |
| openttd | openttd | 0.3.5 |
| openttd | openttd | 0.5.1 |
| openttd | openttd | 0.6.1 |
| openttd | openttd | 1.1.2 |
| openttd | openttd | 0.7.3 |
| openttd | openttd | 1.0.4 |
| openttd | openttd | 0.4.8 |
| openttd | openttd | 0.1.2 |
| openttd | openttd | 0.3.3 |
| openttd | openttd | 1.0.3 |
| openttd | openttd | 0.5.0 |
| openttd | openttd | 0.7.1 |
| openttd | openttd | 0.7.4 |
| openttd | openttd | 1.1.1 |
| openttd | openttd | 0.4.6 |
| openttd | openttd | 0.3.7 |
| openttd | openttd | 0.2.1 |
The HandleCrashedAircraft function in aircraft_cmd.cpp in OpenTTD 0.3.6 through 1.3.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) by crashing an aircraft outside of the map.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openttd | openttd | 0.6.3 |
| openttd | openttd | 1.1.4 |
| openttd | openttd | 0.4.0.1 |
| openttd | openttd | 1.0.1 |
| openttd | openttd | 0.7.2 |
| openttd | openttd | 1.1.3 |
| openttd | openttd | 1.2.3 |
| openttd | openttd | 1.0.0 |
| openttd | openttd | 1.0.5 |
| openttd | openttd | 0.3.6 |
| openttd | openttd | 0.7.0 |
| openttd | openttd | 0.4.5 |
| openttd | openttd | 1.0.2 |
| openttd | openttd | 0.4.7 |
| openttd | openttd | 0.4.0 |
| openttd | openttd | 0.6.0 |
| openttd | openttd | 1.2.2 |
| openttd | openttd | 0.5.2 |
| openttd | openttd | 0.7.5 |
| openttd | openttd | 1.1.0 |
| openttd | openttd | 1.3.1 |
| openttd | openttd | 0.6.2 |
| openttd | openttd | 0.5.3 |
| openttd | openttd | 1.2.0 |
| openttd | openttd | 0.5.1 |
| openttd | openttd | 0.6.1 |
| openttd | openttd | 1.1.2 |
| openttd | openttd | 0.7.3 |
| openttd | openttd | 1.0.4 |
| openttd | openttd | 0.4.8 |
| openttd | openttd | 1.2.1 |
| openttd | openttd | 1.0.3 |
| openttd | openttd | 0.5.0 |
| openttd | openttd | 0.7.1 |
| openttd | openttd | 0.7.4 |
| openttd | openttd | 1.1.1 |
| openttd | openttd | 1.1.5 |
| openttd | openttd | 0.4.6 |
| openttd | openttd | 1.3.2 |