Christoph Elsenhans

**Name of the Vulnerable Software and Affected Versions** OpenTTD versions 0.6.0 through 1.2.1 **Description** The issue is related to the improper validation of requests to clear a water tile, which can be exploited by remote attackers to cause a denial of service. This can result in a NULL pointer dereference and server crash via a certain sequence of steps related to the water/coast aspect of tiles that also have railtracks on one half. Multiple vulnerabilities in the OpenTTD package of the Debian GNU/Linux operating system can lead to disruption of protected information availability, and exploitation can be carried out remotely. **Recommendations** For OpenTTD versions 0.6.0 through 1.2.1, update to a version that properly validates requests to clear a water tile to prevent denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.