PT-2011-4395 · Openttd Team · Openttd

Michael Lutz

Published

2011-09-08

Updated

2012-01-19

CVE-2011-3341

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions OpenTTD versions prior to 1.1.3

Description The issue is caused by multiple off-by-one errors in the order cmd.cpp file, allowing remote attackers to potentially execute arbitrary code or cause a denial of service by crashing the daemon. This can be achieved by sending a crafted CMD INSERT ORDER command.

Recommendations For versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

CVE-2011-3341

DSA-2386-1

Affected Products

Openttd

PT-2011-4395 · Openttd Team · Openttd

CVE-2011-3341

Weakness Enumeration

Related Identifiers

Affected Products

References · 13