High severity7.5NVD Advisory· Published Nov 17, 2010· Updated Apr 29, 2026

CVE-2010-4168

Description

Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (invalid write and daemon crash) by abruptly disconnecting during transmission of the map from the server, related to network/network_server.cpp; (2) remote attackers to cause a denial of service (invalid read and daemon crash) by abruptly disconnecting, related to network/network_server.cpp; and (3) remote servers to cause a denial of service (invalid read and application crash) by forcing a disconnection during the join process, related to network/network.cpp.

Affected products

OpenTTD/Openttd
cpe:2.3:a:openttd:openttd:*:*:*:*:*:*:*:*
Range: >=1.0.0,<1.0.5
Fedoraproject/Fedora2 versions
cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.openttd.org/en/CVE-2010-4168nvdPatchVendor Advisory
security.openttd.org/en/patch/28.patchnvdPatch
lists.fedoraproject.org/pipermail/package-announce/2010-December/052187.htmlnvdMailing ListThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2010-December/052193.htmlnvdMailing ListThird Party Advisory
www.securityfocus.com/bid/44844nvdBroken LinkThird Party AdvisoryVDB Entry
www.vupen.com/english/advisories/2010/2985nvdBroken LinkVendor Advisory
marc.infonvdMailing List
marc.infonvdMailing List
secunia.com/advisories/42578nvdBroken Link
vcs.openttd.org/svn/changeset/21182nvdBroken Link
www.vupen.com/english/advisories/2010/3199nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000