oss-sec mailing list archives

CVE request for OpenTTD


From: Rubidium <rubidium () openttd org>
Date: Thu, 28 Nov 2013 21:10:53 +0100

Hello folks,

the OpenTTD team and contributors have discovered a security
vulnerability in OpenTTD. Please be so kind as to allocate a CVE id for
the issue detailed below:

Denial of service (server) using forcefully crashed aircraft

A missing validation allows remote attackers to cause a denial of service (crash) by forcefully crashing aircraft near the corner of the map. This triggers a corner case where data outside of the allocated map array is accessed.

A test case and a simple guide on how to reproduce it can be found in the issue in our bug tracker at http://bugs.openttd.org/task/5820

The vulnerability has been present since 0.3.6 and will be fixed in the upcoming
1.3.3 release.

Once the CVE id is allocated, the issue will be fully documented at
http://security.openttd.org/en/CVE-2013-xxxx

Thanks,
Remko 'Rubidium' Bijker

[Please CC me, I'm not subscribed.]

