MidnightBSD

Advisories for openttd

CVE-2005-2763 HIGH

Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openttd openttd 0.1.3
openttd openttd 0.3.4
openttd openttd 0.3.1
openttd openttd 0.3.5
openttd openttd 0.1.2
openttd openttd 0.3.3
openttd openttd 0.3.6
openttd openttd 0.3.2
openttd openttd 0.4.0
openttd openttd 0.3.2.1
openttd openttd 0.1.1
openttd openttd 0.2.0
openttd openttd 0.1.4
openttd openttd 0.3.0
openttd openttd 0.2.1
CVE-2005-2764 HIGH

Multiple buffer overflows in OpenTTD before 0.4.0.1 allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openttd openttd 0.4.0.1
CVE-2006-1998 LOW

OpenTTD 0.4.7 and earlier allows local users to cause a denial of service (application exit) via a large invalid error number, which triggers an error.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openttd openttd 0.1.3
openttd openttd 0.3.4
openttd openttd 0.4.0.1
openttd openttd 0.3.1
openttd openttd 0.3.5
openttd openttd 0.1.2
openttd openttd 0.3.6
openttd openttd 0.4.5
openttd openttd 0.4.7
openttd openttd 0.3.2
openttd openttd 0.4.0
openttd openttd 0.3.2.1
openttd openttd 0.1.1
openttd openttd 0.2.0
openttd openttd 0.1.4
openttd openttd 0.3.0
openttd openttd 0.4.6
openttd openttd 0.3.7
openttd openttd 0.2.1
CVE-2006-1999 MEDIUM

The multiplayer menu in OpenTTD 0.4.7 allows remote attackers to cause a denial of service via a UDP packet with an incorrect size, which causes the client to return to the main menu.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openttd openttd 0.4.7
CVE-2010-0401 MEDIUM

OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (daemon crash) by sending a company password packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openttd openttd 0.1.3
openttd openttd 0.4.0.1
openttd openttd 0.3.1
openttd openttd 0.3.6
openttd openttd 0.4.5
openttd openttd 0.4.7
openttd openttd 0.3.2
openttd openttd *
openttd openttd 0.4.0
openttd openttd 0.3.2.1
openttd openttd 0.6.0
openttd openttd 0.1.1
openttd openttd 0.2.0
openttd openttd 0.1.4
openttd openttd 0.3.0
openttd openttd 0.5.2
openttd openttd 0.6.2
openttd openttd 0.5.3
openttd openttd 0.3.4
openttd openttd 0.3.5
openttd openttd 0.5.1
openttd openttd 0.6.1
openttd openttd 0.4.8
openttd openttd 0.1.2
openttd openttd 0.3.3
openttd openttd 0.5.0
openttd openttd 0.7.4
openttd openttd 0.4.6
openttd openttd 0.3.7
openttd openttd 0.2.1
CVE-2010-0402 MEDIUM

OpenTTD before 1.0.1 does not properly validate index values of certain items, which allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted in-game command.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
openttd openttd 0.1.3
openttd openttd 0.4.0.1
openttd openttd 0.3.1
openttd openttd 0.3.6
openttd openttd 0.4.5
openttd openttd 0.4.7
openttd openttd 0.3.2
openttd openttd *
openttd openttd 0.4.0
openttd openttd 0.3.2.1
openttd openttd 0.6.0
openttd openttd 0.1.1
openttd openttd 0.2.0
openttd openttd 0.1.4
openttd openttd 0.3.0
openttd openttd 0.5.2
openttd openttd 0.6.2
openttd openttd 0.5.3
openttd openttd 0.3.4
openttd openttd 0.3.5
openttd openttd 0.5.1
openttd openttd 0.6.1
openttd openttd 0.4.8
openttd openttd 0.1.2
openttd openttd 0.3.3
openttd openttd 0.5.0
openttd openttd 0.7.4
openttd openttd 0.4.6
openttd openttd 0.3.7
openttd openttd 0.2.1
CVE-2010-0406 MEDIUM

OpenTTD before 1.0.1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and daemon crash) by performing incomplete downloads of the map.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
openttd openttd 0.1.3
openttd openttd 0.4.0.1
openttd openttd 0.3.1
openttd openttd 0.3.6
openttd openttd 0.4.5
openttd openttd 0.4.7
openttd openttd 0.3.2
openttd openttd *
openttd openttd 0.4.0
openttd openttd 0.3.2.1
openttd openttd 0.6.0
openttd openttd 0.1.1
openttd openttd 0.2.0
openttd openttd 0.1.4
openttd openttd 0.3.0
openttd openttd 0.5.2
openttd openttd 0.6.2
openttd openttd 0.5.3
openttd openttd 0.3.4
openttd openttd 0.3.5
openttd openttd 0.5.1
openttd openttd 0.6.1
openttd openttd 0.4.8
openttd openttd 0.1.2
openttd openttd 0.3.3
openttd openttd 0.5.0
openttd openttd 0.7.4
openttd openttd 0.4.6
openttd openttd 0.3.7
openttd openttd 0.2.1
CVE-2010-2534 MEDIUM

The NetworkSyncCommandQueue function in network/network_command.cpp in OpenTTD before 1.0.3 does not properly clear a pointer in a linked list, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted request, related to the client command queue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
openttd openttd 0.6.3
openttd openttd 0.1.3
openttd openttd 0.4.0.1
openttd openttd 1.0.1
openttd openttd 0.3.1
openttd openttd 0.7.2
openttd openttd 1.0.0
openttd openttd 0.3.6
openttd openttd 0.7.0
openttd openttd 0.4.5
openttd openttd 1.0.2
openttd openttd 0.4.7
openttd openttd 0.3.2
openttd openttd 0.4.0
openttd openttd 0.3.2.1
openttd openttd 0.6.0
openttd openttd 0.1.1
openttd openttd 0.2.0
openttd openttd 0.1.4
openttd openttd 0.3.0
openttd openttd 0.5.2
openttd openttd 0.7.5
openttd openttd 0.6.2
openttd openttd 0.5.3
openttd openttd 0.3.4
openttd openttd 0.3.5
openttd openttd 0.5.1
openttd openttd 0.6.1
openttd openttd 0.7.3
openttd openttd 0.4.8
openttd openttd 0.1.2
openttd openttd 0.3.3
openttd openttd 1.0.3
openttd openttd 0.5.0
openttd openttd 0.7.1
openttd openttd 0.7.4
openttd openttd 0.4.6
openttd openttd 0.3.7
openttd openttd 0.2.1
CVE-2010-4168 MEDIUM

Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (invalid write and daemon crash) by abruptly disconnecting during transmission of the map from the server, related to network/network_server.cpp; (2) remote attackers to cause a denial of service (invalid read and daemon crash) by abruptly disconnecting, related to network/network_server.cpp; and (3) remote servers to cause a denial of service (invalid read and application crash) by forcing a disconnection during the join process, related to network/network.cpp.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
fedoraproject fedora 13
openttd openttd *
fedoraproject fedora 14
CVE-2011-3341 HIGH

Multiple off-by-one errors in order_cmd.cpp in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted CMD_INSERT_ORDER command.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
openttd openttd 0.6.3
openttd openttd 0.1.3
openttd openttd 0.4.0.1
openttd openttd 1.0.1
openttd openttd 0.3.1
openttd openttd 0.7.2
openttd openttd 1.0.0
openttd openttd 1.0.5
openttd openttd 0.3.6
openttd openttd 0.7.0
openttd openttd 0.4.5
openttd openttd 1.0.2
openttd openttd 0.4.7
openttd openttd 0.3.2
openttd openttd *
openttd openttd 0.4.0
openttd openttd 0.3.2.1
openttd openttd 0.6.0
openttd openttd 0.1.1
openttd openttd 0.2.0
openttd openttd 0.1.4
openttd openttd 0.3.0
openttd openttd 0.5.2
openttd openttd 0.7.5
openttd openttd 1.1.0
openttd openttd 0.6.2
openttd openttd 0.5.3
openttd openttd 0.3.4
openttd openttd 0.3.5
openttd openttd 0.5.1
openttd openttd 0.6.1
openttd openttd 1.1.2
openttd openttd 0.7.3
openttd openttd 1.0.4
openttd openttd 0.4.8
openttd openttd 0.1.2
openttd openttd 0.3.3
openttd openttd 1.0.3
openttd openttd 0.5.0
openttd openttd 0.7.1
openttd openttd 0.7.4
openttd openttd 1.1.1
openttd openttd 0.4.6
openttd openttd 0.3.7
openttd openttd 0.2.1
CVE-2011-3342 HIGH

Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors related to (1) NAME, (2) PLYR, (3) CHTS, or (4) AIPL (aka AI config) chunk loading from a savegame.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
openttd openttd 0.6.3
openttd openttd 0.1.3
openttd openttd 0.4.0.1
openttd openttd 1.0.1
openttd openttd 0.3.1
openttd openttd 0.7.2
openttd openttd 1.0.0
openttd openttd 1.0.5
openttd openttd 0.3.6
openttd openttd 0.7.0
openttd openttd 0.4.5
openttd openttd 1.0.2
openttd openttd 0.4.7
openttd openttd 0.3.2
openttd openttd *
openttd openttd 0.4.0
openttd openttd 0.3.2.1
openttd openttd 0.6.0
openttd openttd 0.1.1
openttd openttd 0.2.0
openttd openttd 0.1.4
openttd openttd 0.3.0
openttd openttd 0.5.2
openttd openttd 0.7.5
openttd openttd 1.1.0
openttd openttd 0.6.2
openttd openttd 0.5.3
openttd openttd 0.3.4
openttd openttd 0.3.5
openttd openttd 0.5.1
openttd openttd 0.6.1
openttd openttd 1.1.2
openttd openttd 0.7.3
openttd openttd 1.0.4
openttd openttd 0.4.8
openttd openttd 0.1.2
openttd openttd 0.3.3
openttd openttd 1.0.3
openttd openttd 0.5.0
openttd openttd 0.7.1
openttd openttd 0.7.4
openttd openttd 1.1.1
openttd openttd 0.4.6
openttd openttd 0.3.7
openttd openttd 0.2.1
CVE-2011-3343 MEDIUM

Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to cause a denial of service (daemon crash) or possibly gain privileges via (1) a crafted BMP file with RLE compression or (2) crafted dimensions in a BMP file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
openttd openttd 0.6.3
openttd openttd 0.1.3
openttd openttd 0.4.0.1
openttd openttd 1.0.1
openttd openttd 0.3.1
openttd openttd 0.7.2
openttd openttd 1.0.0
openttd openttd 1.0.5
openttd openttd 0.3.6
openttd openttd 0.7.0
openttd openttd 0.4.5
openttd openttd 1.0.2
openttd openttd 0.4.7
openttd openttd 0.3.2
openttd openttd *
openttd openttd 0.4.0
openttd openttd 0.3.2.1
openttd openttd 0.6.0
openttd openttd 0.1.1
openttd openttd 0.2.0
openttd openttd 0.1.4
openttd openttd 0.3.0
openttd openttd 0.5.2
openttd openttd 0.7.5
openttd openttd 1.1.0
openttd openttd 0.6.2
openttd openttd 0.5.3
openttd openttd 0.3.4
openttd openttd 0.3.5
openttd openttd 0.5.1
openttd openttd 0.6.1
openttd openttd 1.1.2
openttd openttd 0.7.3
openttd openttd 1.0.4
openttd openttd 0.4.8
openttd openttd 0.1.2
openttd openttd 0.3.3
openttd openttd 1.0.3
openttd openttd 0.5.0
openttd openttd 0.7.1
openttd openttd 0.7.4
openttd openttd 1.1.1
openttd openttd 0.4.6
openttd openttd 0.3.7
openttd openttd 0.2.1
CVE-2013-6411 MEDIUM

The HandleCrashedAircraft function in aircraft_cmd.cpp in OpenTTD 0.3.6 through 1.3.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) by crashing an aircraft outside of the map.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
openttd openttd 0.6.3
openttd openttd 1.1.4
openttd openttd 0.4.0.1
openttd openttd 1.0.1
openttd openttd 0.7.2
openttd openttd 1.1.3
openttd openttd 1.2.3
openttd openttd 1.0.0
openttd openttd 1.0.5
openttd openttd 0.3.6
openttd openttd 0.7.0
openttd openttd 0.4.5
openttd openttd 1.0.2
openttd openttd 0.4.7
openttd openttd 0.4.0
openttd openttd 0.6.0
openttd openttd 1.2.2
openttd openttd 0.5.2
openttd openttd 0.7.5
openttd openttd 1.1.0
openttd openttd 1.3.1
openttd openttd 0.6.2
openttd openttd 0.5.3
openttd openttd 1.2.0
openttd openttd 0.5.1
openttd openttd 0.6.1
openttd openttd 1.1.2
openttd openttd 0.7.3
openttd openttd 1.0.4
openttd openttd 0.4.8
openttd openttd 1.2.1
openttd openttd 1.0.3
openttd openttd 0.5.0
openttd openttd 0.7.1
openttd openttd 0.7.4
openttd openttd 1.1.1
openttd openttd 1.1.5
openttd openttd 0.4.6
openttd openttd 1.3.2