oss-sec mailing list archives
CVE request for OpenTTD
From: Rubidium <rubidium () openttd org>
Date: Thu, 28 Nov 2013 21:10:53 +0100
Hello folks, the OpenTTD team and contributors have discovered several a security vulnerability in OpenTTD. Please be so kind to allocate a CVE id for the issues detailed below: Denial of service (server) using forcefully crashed aircraftsA missing validation allows remote attackers to cause a denial of service (crash) by forcefully crashing aircraft near the corner of the map. This triggers a corner case where data outside of the allocated map array is accessed.
A test case, and simple guide how to reproduce it can be found in the issue in our bug tracker at http://bugs.openttd.org/task/5820
Vulnerability is present since 0.3.6 and will be fixed in the upcoming 1.3.3 release. Once the CVE id is allocated, the issue will be fully documented at http://security.openttd.org/en/CVE-2013-xxxx Thanks, Remko 'Rubidium' Bijker [Please CC me, I'm not subscribed.]
Current thread:
- CVE request for OpenTTD Rubidium (Nov 28)
- Re: CVE request for OpenTTD Kurt Seifried (Nov 29)