CVE-2012-0048 : OpenTTD 0.3.5 through 1.1.4 allows remote attackers to cause a denial of service

OpenTTD 0.3.5 through 1.1.4 allows remote attackers to cause a denial of service (game pause) by connecting to the server and not finishing the (1) authorization phase or (2) map download, aka a "slow read" attack.

Published 2012-08-25 10:29:49

Updated 2025-04-11 00:51:22

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2012-0048

Openttd » Openttd » Version: 0.3.5
cpe:2.3:a:openttd:openttd:0.3.5:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.3.6
cpe:2.3:a:openttd:openttd:0.3.6:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.4.0
cpe:2.3:a:openttd:openttd:0.4.0:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.4.0.1
cpe:2.3:a:openttd:openttd:0.4.0.1:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.3.7
cpe:2.3:a:openttd:openttd:0.3.7:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.4.5
cpe:2.3:a:openttd:openttd:0.4.5:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.4.6
cpe:2.3:a:openttd:openttd:0.4.6:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.4.7
cpe:2.3:a:openttd:openttd:0.4.7:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.6.0 Update Beta1
cpe:2.3:a:openttd:openttd:0.6.0:beta1:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.6.0 Update Beta5
cpe:2.3:a:openttd:openttd:0.6.0:beta5:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.6.1 Update RC1
cpe:2.3:a:openttd:openttd:0.6.1:rc1:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.5.3 Update RC1
cpe:2.3:a:openttd:openttd:0.5.3:rc1:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.5.0 Update RC5
cpe:2.3:a:openttd:openttd:0.5.0:rc5:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.5.0 Update RC2
cpe:2.3:a:openttd:openttd:0.5.0:rc2:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.5.1
cpe:2.3:a:openttd:openttd:0.5.1:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.4.8 Update RC1
cpe:2.3:a:openttd:openttd:0.4.8:rc1:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.6.0
cpe:2.3:a:openttd:openttd:0.6.0:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.6.0 Update Beta4
cpe:2.3:a:openttd:openttd:0.6.0:beta4:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.6.0 Update RC1
cpe:2.3:a:openttd:openttd:0.6.0:rc1:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.5.2 Update RC1
cpe:2.3:a:openttd:openttd:0.5.2:rc1:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.5.3 Update RC2
cpe:2.3:a:openttd:openttd:0.5.3:rc2:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.5.1 Update RC2
cpe:2.3:a:openttd:openttd:0.5.1:rc2:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.5.0
cpe:2.3:a:openttd:openttd:0.5.0:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.4.8 Update RC2
cpe:2.3:a:openttd:openttd:0.4.8:rc2:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.5.3
cpe:2.3:a:openttd:openttd:0.5.3:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.6.1 Update RC2
cpe:2.3:a:openttd:openttd:0.6.1:rc2:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.5.3 Update RC3
cpe:2.3:a:openttd:openttd:0.5.3:rc3:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.5.0 Update RC1
cpe:2.3:a:openttd:openttd:0.5.0:rc1:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.5.0 Update RC3
cpe:2.3:a:openttd:openttd:0.5.0:rc3:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.4.8
cpe:2.3:a:openttd:openttd:0.4.8:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.6.0 Update Beta2
cpe:2.3:a:openttd:openttd:0.6.0:beta2:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.6.0 Update Beta3
cpe:2.3:a:openttd:openttd:0.6.0:beta3:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.5.2
cpe:2.3:a:openttd:openttd:0.5.2:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.5.0 Update RC4
cpe:2.3:a:openttd:openttd:0.5.0:rc4:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.5.1 Update RC3
cpe:2.3:a:openttd:openttd:0.5.1:rc3:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.5.1 Update RC1
cpe:2.3:a:openttd:openttd:0.5.1:rc1:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.6.1
cpe:2.3:a:openttd:openttd:0.6.1:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.6.2-rc1
cpe:2.3:a:openttd:openttd:0.6.2-rc1:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.6.2 Update RC1
cpe:2.3:a:openttd:openttd:0.6.2:rc1:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.6.2 Update RC2
cpe:2.3:a:openttd:openttd:0.6.2:rc2:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.7.4
cpe:2.3:a:openttd:openttd:0.7.4:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 1.0.3 Update RC1
cpe:2.3:a:openttd:openttd:1.0.3:rc1:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 1.0.2
cpe:2.3:a:openttd:openttd:1.0.2:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 1.0.0 Update RC1
cpe:2.3:a:openttd:openttd:1.0.0:rc1:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 1.0.0 Update Beta4
cpe:2.3:a:openttd:openttd:1.0.0:beta4:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 1.0.0 Update Beta3
cpe:2.3:a:openttd:openttd:1.0.0:beta3:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.7.3 Update RC2
cpe:2.3:a:openttd:openttd:0.7.3:rc2:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.7.3
cpe:2.3:a:openttd:openttd:0.7.3:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.7.1 Update RC1
cpe:2.3:a:openttd:openttd:0.7.1:rc1:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.7.0
cpe:2.3:a:openttd:openttd:0.7.0:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 1.0.0
cpe:2.3:a:openttd:openttd:1.0.0:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 1.0.0 Update RC3
cpe:2.3:a:openttd:openttd:1.0.0:rc3:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 1.0.0 Update RC2
cpe:2.3:a:openttd:openttd:1.0.0:rc2:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.7.4 Update RC1
cpe:2.3:a:openttd:openttd:0.7.4:rc1:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.7.3 Update RC1
cpe:2.3:a:openttd:openttd:0.7.3:rc1:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.7.1 Update RC3
cpe:2.3:a:openttd:openttd:0.7.1:rc3:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.7.1 Update RC2
cpe:2.3:a:openttd:openttd:0.7.1:rc2:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.6.3
cpe:2.3:a:openttd:openttd:0.6.3:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.6.3 Update RC1
cpe:2.3:a:openttd:openttd:0.6.3:rc1:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.6.2
cpe:2.3:a:openttd:openttd:0.6.2:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 1.0.2 Update RC1
cpe:2.3:a:openttd:openttd:1.0.2:rc1:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 1.0.1
cpe:2.3:a:openttd:openttd:1.0.1:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 1.0.0 Update Beta2
cpe:2.3:a:openttd:openttd:1.0.0:beta2:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 1.0.0 Update Beta1
cpe:2.3:a:openttd:openttd:1.0.0:beta1:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.7.2
cpe:2.3:a:openttd:openttd:0.7.2:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.7.2 Update RC2
cpe:2.3:a:openttd:openttd:0.7.2:rc2:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.7.0 Update RC2
cpe:2.3:a:openttd:openttd:0.7.0:rc2:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.7.0 Update RC1
cpe:2.3:a:openttd:openttd:0.7.0:rc1:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 1.0.1 Update RC2
cpe:2.3:a:openttd:openttd:1.0.1:rc2:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 1.0.1 Update RC1
cpe:2.3:a:openttd:openttd:1.0.1:rc1:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.7.5
cpe:2.3:a:openttd:openttd:0.7.5:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.7.5 Update RC1
cpe:2.3:a:openttd:openttd:0.7.5:rc1:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.7.2 Update RC1
cpe:2.3:a:openttd:openttd:0.7.2:rc1:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.7.1
cpe:2.3:a:openttd:openttd:0.7.1:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.7.0 Update Beta2
cpe:2.3:a:openttd:openttd:0.7.0:beta2:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.7.0 Update Beta1
cpe:2.3:a:openttd:openttd:0.7.0:beta1:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 1.0.3
cpe:2.3:a:openttd:openttd:1.0.3:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 1.0.5 Update RC2
cpe:2.3:a:openttd:openttd:1.0.5:rc2:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 1.0.4
cpe:2.3:a:openttd:openttd:1.0.4:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 1.0.4 Update RC1
cpe:2.3:a:openttd:openttd:1.0.4:rc1:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 1.0.5 Update RC1
cpe:2.3:a:openttd:openttd:1.0.5:rc1:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 1.0.5
cpe:2.3:a:openttd:openttd:1.0.5:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.6.2-rc2
cpe:2.3:a:openttd:openttd:0.6.2-rc2:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 1.1.4
cpe:2.3:a:openttd:openttd:1.1.4:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 1.1.3
cpe:2.3:a:openttd:openttd:1.1.3:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2012-0048

EPSS FAQ

1.20%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 77 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-0048

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2012-0048

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-0048

http://www.tt-forums.net/viewtopic.php?f=33&t=58073&hilit=pause#p989303

Servers don't pause while players connect - Transport Tycoon Forums
http://security.openttd.org/en/CVE-2012-0049

OpenTTD - Security tracker -
Vendor Advisory

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2012/01/07/2

oss-security - CVE request for OpenTTD
http://secunia.com/advisories/50137

Sign in
Vendor Advisory
http://bugs.openttd.org/task/4955

FS#4955 : Players can block servers forever
Vendor Advisory
http://www.debian.org/security/2012/dsa-2524

Debian -- Security Information -- DSA-2524-1 openttd

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2012/01/13/8

oss-security - Re: CVE request for OpenTTD
http://vcs.openttd.org/svn/changeset/23764

GitHub - OpenTTD/OpenTTD: OpenTTD is an open source simulation game based upon Transport Tycoon Deluxe
Exploit;Patch

Jump to

Vulnerability Details : CVE-2012-0048

Products affected by CVE-2012-0048

Exploit prediction scoring system (EPSS) score for CVE-2012-0048

CVSS scores for CVE-2012-0048

CWE ids for CVE-2012-0048

References for CVE-2012-0048