CVE-2010-4168 Common Vulnerabilities and Exposures

Upstream information

CVE-2010-4168 at MITRE

Description

Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (invalid write and daemon crash) by abruptly disconnecting during transmission of the map from the server, related to network/network_server.cpp; (2) remote attackers to cause a denial of service (invalid read and daemon crash) by abruptly disconnecting, related to network/network_server.cpp; and (3) remote servers to cause a denial of service (invalid read and application crash) by forcing a disconnection during the join process, related to network/network.cpp.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	5
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector	Network
Access Complexity	Low
Authentication	None
Confidentiality Impact	None
Integrity Impact	None
Availability Impact	Partial

No SUSE Bugzilla entries cross referenced.

No SUSE Security Announcements cross referenced.

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE Tumbleweed	`openttd >= 1.6.1-1.1` `openttd-data >= 1.6.1-1.1` `openttd-dedicated >= 1.6.1-1.1`	Patchnames: openSUSE-Tumbleweed-2024-10563

SUSE Timeline for this CVE

CVE page created: Tue Jul 9 17:55:03 2013
CVE page last modified: Sat Jun 15 21:20:36 2024