Vulnerability Details : CVE-2012-3436
OpenTTD 0.6.0 through 1.2.1 does not properly validate requests to clear a water tile, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a certain sequence of steps related to "the water/coast aspect of tiles which also have railtracks on one half."
Vulnerability category: Memory Corruption, Input validation, Denial of service
Products affected by CVE-2012-3436
- cpe:2.3:a:openttd:openttd:0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:0.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:1.0.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:1.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:1.0.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:1.0.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:0.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:0.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:1.0.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:1.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:0.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:1.0.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:1.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:1.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:1.0.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:1.0.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:0.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:1.0.5:rc2:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:1.0.4:rc1:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:1.0.5:rc1:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:openttd:openttd:1.1.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-3436
- 5.63%: Probability of exploitation activity in the next 30 days
- ~ 93 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-3436
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2012-3436
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-3436
- http://security.openttd.org/en/CVE-2012-3436
  OpenTTD - Security tracker
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77266
  OpenTTD water denial of service CVE-2012-3436 Vulnerability Report
- http://www.openwall.com/lists/oss-security/2012/07/31/5
  oss-security - Re: CVE request for OpenTTD
- http://www.openwall.com/lists/oss-security/2012/07/27/5
  oss-security - CVE request for OpenTTD
- http://vcs.openttd.org/svn/changeset/24439
  GitHub - OpenTTD/OpenTTD: OpenTTD is an open source simulation game based upon Transport Tycoon Deluxe
- http://vcs.openttd.org/svn/changeset/24449
  GitHub - OpenTTD/OpenTTD: OpenTTD is an open source simulation game based upon Transport Tycoon Deluxe (Exploit)
- http://lists.opensuse.org/opensuse-updates/2012-08/msg00043.html
  openSUSE-SU-2012:1063-1: openttd: update to 1.2.2
- http://www.securityfocus.com/bid/54720
  OpenTTD 'Water Clearing' Feature Denial Of Service Vulnerability
- http://bugs.openttd.org/task/5254
  FS#5254 : 1.2.1 crash
- http://www.openwall.com/lists/oss-security/2012/07/28/7
  oss-security - Re: CVE request for OpenTTD