Openttd
by OpenTTD
CVEs (20)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-4168 | Hig | 0.49 | 7.5 | 0.04 | Nov 17, 2010 | Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (invalid write and daemon crash) by abruptly disconnecting during transmission of the map from the server, related to network/network_server.cpp; (2)… | ||
| CVE-2006-1999 | 0.04 | — | 0.09 | Apr 25, 2006 | The multiplayer menu in OpenTTD 0.4.7 allows remote attackers to cause a denial of service via a UDP packet with an incorrect size, which causes the client to return to the main menu. | |||
| CVE-2006-1998 | 0.03 | — | 0.01 | Apr 25, 2006 | OpenTTD 0.4.7 and earlier allows local users to cause a denial of service (application exit) via a large invalid error number, which triggers an error. | |||
| CVE-2008-3576 | 0.01 | — | 0.06 | Aug 10, 2008 | Buffer overflow in the TruncateString function in src/gfx.cpp in OpenTTD before 0.6.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted string. NOTE: some of these details are obtained from third party… | |||
| CVE-2012-0049 | 0.00 | — | 0.01 | Nov 7, 2019 | OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server. | |||
| CVE-2013-6411 | 0.00 | — | 0.03 | Dec 14, 2013 | The HandleCrashedAircraft function in aircraft_cmd.cpp in OpenTTD 0.3.6 through 1.3.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) by crashing an aircraft outside of the map. | |||
| CVE-2012-3436 | 0.00 | — | 0.03 | Oct 9, 2012 | OpenTTD 0.6.0 through 1.2.1 does not properly validate requests to clear a water tile, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a certain sequence of steps related to "the water/coast aspect of tiles which also… | |||
| CVE-2012-0048 | 0.00 | — | 0.03 | Aug 25, 2012 | OpenTTD 0.3.5 through 1.1.4 allows remote attackers to cause a denial of service (game pause) by connecting to the server and not finishing the (1) authorization phase or (2) map download, aka a "slow read" attack. | |||
| CVE-2011-3343 | 0.00 | — | 0.00 | Sep 8, 2011 | Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to cause a denial of service (daemon crash) or possibly gain privileges via (1) a crafted BMP file with RLE compression or (2) crafted dimensions in a BMP file. | |||
| CVE-2011-3342 | 0.00 | — | 0.05 | Sep 8, 2011 | Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors related to (1) NAME, (2) PLYR, (3) CHTS, or (4) AIPL (aka AI config) chunk loading from a savegame. | |||
| CVE-2011-3341 | 0.00 | — | 0.04 | Sep 8, 2011 | Multiple off-by-one errors in order_cmd.cpp in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted CMD_INSERT_ORDER command. | |||
| CVE-2010-2534 | 0.00 | — | 0.03 | Jul 28, 2010 | The NetworkSyncCommandQueue function in network/network_command.cpp in OpenTTD before 1.0.3 does not properly clear a pointer in a linked list, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted request, related to the… | |||
| CVE-2010-0406 | 0.00 | — | 0.02 | May 5, 2010 | OpenTTD before 1.0.1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and daemon crash) by performing incomplete downloads of the map. | |||
| CVE-2010-0402 | 0.00 | — | 0.02 | May 5, 2010 | OpenTTD before 1.0.1 does not properly validate index values of certain items, which allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted in-game command. | |||
| CVE-2010-0401 | 0.00 | — | 0.01 | May 5, 2010 | OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (daemon crash) by sending a company password packet. | |||
| CVE-2009-4007 | 0.00 | — | 0.02 | Dec 28, 2009 | Unspecified vulnerability in the NormaliseTrainConsist function in src/train_cmd.cpp in OpenTTD before 0.7.5-RC1 allows remote attackers to cause a denial of service (daemon crash) via certain game actions involving a wagon and a dual-headed engine. | |||
| CVE-2008-3547 | 0.00 | — | 0.05 | Mar 10, 2009 | Buffer overflow in the server in OpenTTD 0.6.1 and earlier allows remote authenticated users to cause a denial of service (persistent game disruption) or possibly execute arbitrary code via vectors involving many long names for "companies and clients." | |||
| CVE-2008-3577 | 0.00 | — | 0.00 | Aug 10, 2008 | Buffer overflow in src/openttd.cpp in OpenTTD before 0.6.2 allows local users to execute arbitrary code via a large filename supplied to the "-g" parameter in the ttd_main function. NOTE: it is unlikely that this issue would cross privilege boundaries in typical environments. | |||
| CVE-2005-2764 | 0.00 | — | 0.03 | Sep 21, 2005 | Multiple buffer overflows in OpenTTD before 0.4.0.1 allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | |||
| CVE-2005-2763 | 0.00 | — | 0.03 | Sep 6, 2005 | Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. |
- risk 0.49cvss 7.5epss 0.04
Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (invalid write and daemon crash) by abruptly disconnecting during transmission of the map from the server, related to network/network_server.cpp; (2)…
- CVE-2006-1999Apr 25, 2006risk 0.04cvss —epss 0.09
The multiplayer menu in OpenTTD 0.4.7 allows remote attackers to cause a denial of service via a UDP packet with an incorrect size, which causes the client to return to the main menu.
- CVE-2006-1998Apr 25, 2006risk 0.03cvss —epss 0.01
OpenTTD 0.4.7 and earlier allows local users to cause a denial of service (application exit) via a large invalid error number, which triggers an error.
- CVE-2008-3576Aug 10, 2008risk 0.01cvss —epss 0.06
Buffer overflow in the TruncateString function in src/gfx.cpp in OpenTTD before 0.6.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted string. NOTE: some of these details are obtained from third party…
- CVE-2012-0049Nov 7, 2019risk 0.00cvss —epss 0.01
OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server.
- CVE-2013-6411Dec 14, 2013risk 0.00cvss —epss 0.03
The HandleCrashedAircraft function in aircraft_cmd.cpp in OpenTTD 0.3.6 through 1.3.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) by crashing an aircraft outside of the map.
- CVE-2012-3436Oct 9, 2012risk 0.00cvss —epss 0.03
OpenTTD 0.6.0 through 1.2.1 does not properly validate requests to clear a water tile, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a certain sequence of steps related to "the water/coast aspect of tiles which also…
- CVE-2012-0048Aug 25, 2012risk 0.00cvss —epss 0.03
OpenTTD 0.3.5 through 1.1.4 allows remote attackers to cause a denial of service (game pause) by connecting to the server and not finishing the (1) authorization phase or (2) map download, aka a "slow read" attack.
- CVE-2011-3343Sep 8, 2011risk 0.00cvss —epss 0.00
Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to cause a denial of service (daemon crash) or possibly gain privileges via (1) a crafted BMP file with RLE compression or (2) crafted dimensions in a BMP file.
- CVE-2011-3342Sep 8, 2011risk 0.00cvss —epss 0.05
Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors related to (1) NAME, (2) PLYR, (3) CHTS, or (4) AIPL (aka AI config) chunk loading from a savegame.
- CVE-2011-3341Sep 8, 2011risk 0.00cvss —epss 0.04
Multiple off-by-one errors in order_cmd.cpp in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted CMD_INSERT_ORDER command.
- CVE-2010-2534Jul 28, 2010risk 0.00cvss —epss 0.03
The NetworkSyncCommandQueue function in network/network_command.cpp in OpenTTD before 1.0.3 does not properly clear a pointer in a linked list, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted request, related to the…
- CVE-2010-0406May 5, 2010risk 0.00cvss —epss 0.02
OpenTTD before 1.0.1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and daemon crash) by performing incomplete downloads of the map.
- CVE-2010-0402May 5, 2010risk 0.00cvss —epss 0.02
OpenTTD before 1.0.1 does not properly validate index values of certain items, which allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted in-game command.
- CVE-2010-0401May 5, 2010risk 0.00cvss —epss 0.01
OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (daemon crash) by sending a company password packet.
- CVE-2009-4007Dec 28, 2009risk 0.00cvss —epss 0.02
Unspecified vulnerability in the NormaliseTrainConsist function in src/train_cmd.cpp in OpenTTD before 0.7.5-RC1 allows remote attackers to cause a denial of service (daemon crash) via certain game actions involving a wagon and a dual-headed engine.
- CVE-2008-3547Mar 10, 2009risk 0.00cvss —epss 0.05
Buffer overflow in the server in OpenTTD 0.6.1 and earlier allows remote authenticated users to cause a denial of service (persistent game disruption) or possibly execute arbitrary code via vectors involving many long names for "companies and clients."
- CVE-2008-3577Aug 10, 2008risk 0.00cvss —epss 0.00
Buffer overflow in src/openttd.cpp in OpenTTD before 0.6.2 allows local users to execute arbitrary code via a large filename supplied to the "-g" parameter in the ttd_main function. NOTE: it is unlikely that this issue would cross privilege boundaries in typical environments.
- CVE-2005-2764Sep 21, 2005risk 0.00cvss —epss 0.03
Multiple buffer overflows in OpenTTD before 0.4.0.1 allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
- CVE-2005-2763Sep 6, 2005risk 0.00cvss —epss 0.03
Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.