5

CVE-2010-2534

The NetworkSyncCommandQueue function in network/network_command.cpp in OpenTTD before 1.0.3 does not properly clear a pointer in a linked list, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted request, related to the client command queue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenttdOpenttd Version0.1.1
OpenttdOpenttd Version0.1.2
OpenttdOpenttd Version0.1.3
OpenttdOpenttd Version0.1.4
OpenttdOpenttd Version0.2.0
OpenttdOpenttd Version0.2.1
OpenttdOpenttd Version0.3.0
OpenttdOpenttd Version0.3.1
OpenttdOpenttd Version0.3.2
OpenttdOpenttd Version0.3.2.1
OpenttdOpenttd Version0.3.3
OpenttdOpenttd Version0.3.4
OpenttdOpenttd Version0.3.5
OpenttdOpenttd Version0.3.6
OpenttdOpenttd Version0.3.7
OpenttdOpenttd Version0.4.0
OpenttdOpenttd Version0.4.0.1
OpenttdOpenttd Version0.4.5
OpenttdOpenttd Version0.4.6
OpenttdOpenttd Version0.4.7
OpenttdOpenttd Version0.4.8
OpenttdOpenttd Version0.4.8 Updaterc1
OpenttdOpenttd Version0.4.8 Updaterc2
OpenttdOpenttd Version0.5.0
OpenttdOpenttd Version0.5.0 Updaterc1
OpenttdOpenttd Version0.5.0 Updaterc2
OpenttdOpenttd Version0.5.0 Updaterc3
OpenttdOpenttd Version0.5.0 Updaterc4
OpenttdOpenttd Version0.5.0 Updaterc5
OpenttdOpenttd Version0.5.1
OpenttdOpenttd Version0.5.1 Updaterc1
OpenttdOpenttd Version0.5.1 Updaterc2
OpenttdOpenttd Version0.5.1 Updaterc3
OpenttdOpenttd Version0.5.2
OpenttdOpenttd Version0.5.2 Updaterc1
OpenttdOpenttd Version0.5.3
OpenttdOpenttd Version0.5.3 Updaterc1
OpenttdOpenttd Version0.5.3 Updaterc2
OpenttdOpenttd Version0.5.3 Updaterc3
OpenttdOpenttd Version0.6.0
OpenttdOpenttd Version0.6.0 Updatebeta1
OpenttdOpenttd Version0.6.0 Updatebeta2
OpenttdOpenttd Version0.6.0 Updatebeta3
OpenttdOpenttd Version0.6.0 Updatebeta4
OpenttdOpenttd Version0.6.0 Updatebeta5
OpenttdOpenttd Version0.6.0 Updaterc1
OpenttdOpenttd Version0.6.1
OpenttdOpenttd Version0.6.1 Updaterc1
OpenttdOpenttd Version0.6.1 Updaterc2
OpenttdOpenttd Version0.6.2
OpenttdOpenttd Version0.6.2 Updaterc1
OpenttdOpenttd Version0.6.2 Updaterc2
OpenttdOpenttd Version0.6.3
OpenttdOpenttd Version0.6.3 Updaterc1
OpenttdOpenttd Version0.7.0
OpenttdOpenttd Version0.7.0 Updatebeta1
OpenttdOpenttd Version0.7.0 Updatebeta2
OpenttdOpenttd Version0.7.0 Updaterc1
OpenttdOpenttd Version0.7.0 Updaterc2
OpenttdOpenttd Version0.7.1
OpenttdOpenttd Version0.7.1 Updaterc1
OpenttdOpenttd Version0.7.1 Updaterc2
OpenttdOpenttd Version0.7.1 Updaterc3
OpenttdOpenttd Version0.7.2
OpenttdOpenttd Version0.7.2 Updaterc1
OpenttdOpenttd Version0.7.2 Updaterc2
OpenttdOpenttd Version0.7.3
OpenttdOpenttd Version0.7.3 Updaterc1
OpenttdOpenttd Version0.7.3 Updaterc2
OpenttdOpenttd Version0.7.4
OpenttdOpenttd Version0.7.4 Updaterc1
OpenttdOpenttd Version0.7.5
OpenttdOpenttd Version0.7.5 Updaterc1
OpenttdOpenttd Version1.0.0
OpenttdOpenttd Version1.0.0 Updatebeta1
OpenttdOpenttd Version1.0.0 Updatebeta2
OpenttdOpenttd Version1.0.0 Updatebeta3
OpenttdOpenttd Version1.0.0 Updatebeta4
OpenttdOpenttd Version1.0.0 Updaterc1
OpenttdOpenttd Version1.0.0 Updaterc2
OpenttdOpenttd Version1.0.0 Updaterc3
OpenttdOpenttd Version1.0.1
OpenttdOpenttd Version1.0.1 Updaterc1
OpenttdOpenttd Version1.0.1 Updaterc2
OpenttdOpenttd Version1.0.2
OpenttdOpenttd Version1.0.2 Updaterc1
OpenttdOpenttd Version1.0.3 Updaterc1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.35% 0.871
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://bugs.openttd.org/task/3909
Patch
http://bugs.openttd.org/task/3909/getfile/6237/loop_fix.patch
Patch
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044516.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044565.html
http://osvdb.org/66503
http://secunia.com/advisories/40630
Vendor Advisory
http://secunia.com/advisories/40760
Vendor Advisory
http://security.openttd.org/en/CVE-2010-2534
Patch
Vendor Advisory
http://www.openwall.com/lists/oss-security/2010/07/20/1
http://www.securityfocus.com/bid/41804
Patch
http://www.vupen.com/english/advisories/2010/1888
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2010/1916
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/60568