Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE request for OpenTTD
From: Rubidium <rubidium () openttd org>
Date: Thu, 28 Nov 2013 21:10:53 +0100

Hello folks,

the OpenTTD team and contributors have discovered several a security
vulnerability in OpenTTD. Please be so kind to allocate a CVE id for
the issues detailed below:

Denial of service (server) using forcefully crashed aircrafts

A missing validation allows remote attackers to cause a denial of service (crash) by forcefully crashing aircraft near the corner of the map. This triggers a corner case where data outside of the allocated map array is accessed.

A test case, and simple guide how to reproduce it can be found in the issue in our bug tracker at http://bugs.openttd.org/task/5820

Vulnerability is present since 0.3.6 and will be fixed in the upcoming
1.3.3 release.

Once the CVE id is allocated, the issue will be fully documented at
http://security.openttd.org/en/CVE-2013-xxxx

Thanks,
Remko 'Rubidium' Bijker

[Please CC me, I'm not subscribed.]


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]