CVE-2010-4168

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2010-4168
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2010-4168.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2010-4168
Related
Published
2010-11-17T16:00:37Z
Modified
2024-09-24T17:00:05Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (invalid write and daemon crash) by abruptly disconnecting during transmission of the map from the server, related to network/networkserver.cpp; (2) remote attackers to cause a denial of service (invalid read and daemon crash) by abruptly disconnecting, related to network/networkserver.cpp; and (3) remote servers to cause a denial of service (invalid read and application crash) by forcing a disconnection during the join process, related to network/network.cpp.

References

Affected packages

Debian:11 / openttd

Package

Name
openttd
Purl
pkg:deb/debian/openttd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.4-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / openttd

Package

Name
openttd
Purl
pkg:deb/debian/openttd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.4-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}