CVE-2012-3436

Exploit

EPSS 2.34%
Veröffentlicht 09.10.2012 18:55:00
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

OpenTTD 0.6.0 through 1.2.1 does not properly validate requests to clear a water tile, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a certain sequence of steps related to "the water/coast aspect of tiles which also have railtracks on one half."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openttd ≫ Openttd Version0.6.0

Openttd ≫ Openttd Version0.6.1

Openttd ≫ Openttd Version0.6.2

Openttd ≫ Openttd Version0.6.3

Openttd ≫ Openttd Version0.7.0

Openttd ≫ Openttd Version0.7.1

Openttd ≫ Openttd Version0.7.2

Openttd ≫ Openttd Version0.7.3

Openttd ≫ Openttd Version0.7.4

Openttd ≫ Openttd Version0.7.5

Openttd ≫ Openttd Version1.0.0

Openttd ≫ Openttd Version1.0.0 Updatebeta1

Openttd ≫ Openttd Version1.0.0 Updatebeta2

Openttd ≫ Openttd Version1.0.0 Updatebeta3

Openttd ≫ Openttd Version1.0.0 Updatebeta4

Openttd ≫ Openttd Version1.0.0 Updaterc1

Openttd ≫ Openttd Version1.0.0 Updaterc2

Openttd ≫ Openttd Version1.0.0 Updaterc3

Openttd ≫ Openttd Version1.0.1

Openttd ≫ Openttd Version1.0.1 Updaterc1

Openttd ≫ Openttd Version1.0.1 Updaterc2

Openttd ≫ Openttd Version1.0.2

Openttd ≫ Openttd Version1.0.2 Updaterc1

Openttd ≫ Openttd Version1.0.3

Openttd ≫ Openttd Version1.0.3 Updaterc1

Openttd ≫ Openttd Version1.0.4

Openttd ≫ Openttd Version1.0.4 Updaterc1

Openttd ≫ Openttd Version1.0.5

Openttd ≫ Openttd Version1.0.5 Updaterc1

Openttd ≫ Openttd Version1.0.5 Updaterc2

Openttd ≫ Openttd Version1.1.0

Openttd ≫ Openttd Version1.1.1

Openttd ≫ Openttd Version1.1.2

Openttd ≫ Openttd Version1.1.3

Openttd ≫ Openttd Version1.1.4

Openttd ≫ Openttd Version1.1.5

Openttd ≫ Openttd Version1.2.0

Openttd ≫ Openttd Version1.2.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.34%	0.834

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://bugs.openttd.org/task/5254

http://lists.opensuse.org/opensuse-updates/2012-08/msg00043.html

http://secunia.com/advisories/50042

Vendor Advisory

http://security.openttd.org/en/CVE-2012-3436

http://vcs.openttd.org/svn/changeset/24439

http://vcs.openttd.org/svn/changeset/24449

Exploit

http://www.openwall.com/lists/oss-security/2012/07/27/5

http://www.openwall.com/lists/oss-security/2012/07/28/7

http://www.openwall.com/lists/oss-security/2012/07/31/5

http://www.securityfocus.com/bid/54720

https://exchange.xforce.ibmcloud.com/vulnerabilities/77266

https://nvd.nist.gov/vuln/detail/CVE-2012-3436

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-3436

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-3436

EUVD