Openttd : Security Vulnerabilities, CVEs, CVSS score >= 6
Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors related to (1) NAME, (2) PLYR, (3) CHTS, or (4) AIPL (aka AI config) chunk loading from a savegame.
Max CVSS
7.5
EPSS Score
12.97%
Published
2011-09-08
Updated
2012-01-19
Multiple off-by-one errors in order_cmd.cpp in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted CMD_INSERT_ORDER command.
Max CVSS
7.5
EPSS Score
3.18%
Published
2011-09-08
Updated
2012-01-19
Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (invalid write and daemon crash) by abruptly disconnecting during transmission of the map from the server, related to network/network_server.cpp; (2) remote attackers to cause a denial of service (invalid read and daemon crash) by abruptly disconnecting, related to network/network_server.cpp; and (3) remote servers to cause a denial of service (invalid read and application crash) by forcing a disconnection during the join process, related to network/network.cpp.
Max CVSS
7.5
EPSS Score
3.27%
Published
2010-11-17
Updated
2024-02-02
OpenTTD before 1.0.1 does not properly validate index values of certain items, which allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted in-game command.
Max CVSS
6.5
EPSS Score
0.23%
Published
2010-05-05
Updated
2010-05-05
OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (daemon crash) by sending a company password packet.
Max CVSS
6.5
EPSS Score
0.22%
Published
2010-05-05
Updated
2010-05-11
Buffer overflow in the TruncateString function in src/gfx.cpp in OpenTTD before 0.6.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted string. NOTE: some of these details are obtained from third party information.
Max CVSS
10.0
EPSS Score
8.91%
Published
2008-08-10
Updated
2017-08-08
Buffer overflow in the server in OpenTTD 0.6.1 and earlier allows remote authenticated users to cause a denial of service (persistent game disruption) or possibly execute arbitrary code via vectors involving many long names for "companies and clients."
Max CVSS
9.0
EPSS Score
3.08%
Published
2009-03-10
Updated
2017-08-08
Multiple buffer overflows in OpenTTD before 0.4.0.1 allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.34%
Published
2005-09-21
Updated
2011-03-08
Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
Max CVSS
7.5
EPSS Score
2.00%
Published
2005-09-06
Updated
2011-03-08
9 vulnerabilities found