Vulnerability Name: CVE-2010-4168 (CCN-63257)
Assigned: 2010-11-14
Published: 2010-11-14
Updated: 2010-12-18
Summary: Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (invalid write and daemon crash) by abruptly disconnecting during transmission of the map from the server, related to network/network_server.cpp; (2) remote attackers to cause a denial of service (invalid read and daemon crash) by abruptly disconnecting, related to network/network_server.cpp; and (3) remote servers to cause a denial of service (invalid read and application crash) by forcing a disconnection during the join process, related to network/network.cpp.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-399
Vulnerability Consequences: Denial of Service
References:
Source: MITRE Type: CNA CVE-2010-4168
Source: FEDORA Type: UNKNOWN FEDORA-2010-18571
Source: FEDORA Type: UNKNOWN FEDORA-2010-18572
Source: MLIST Type: UNKNOWN [oss-security] 20101114 CVE request for OpenTTD
Source: MLIST Type: UNKNOWN [oss-security] 20101115 Re: CVE request for OpenTTD
Source: CCN Type: SA42205 OpenTTD Denial of Service Vulnerability
Source: SECUNIA Type: UNKNOWN 42578
Source: CONFIRM Type: Patch, Vendor Advisory http://security.openttd.org/en/CVE-2010-4168
Source: CONFIRM Type: Patch http://security.openttd.org/en/patch/28.patch
Source: CONFIRM Type: UNKNOWN http://vcs.openttd.org/svn/changeset/21182
Source: CCN Type: OpenTTD Web site OpenTTD
Source: CCN Type: oss-security Mailing List, Sun, 14 Nov 2010 18:11:32 +0100 CVE request for OpenTTD
Source: CCN Type: OSVDB ID: 69502 OpenTTD Session Disconnection Use-after-free Remote DoS
Source: BID Type: UNKNOWN 44844
Source: CCN Type: BID-44844 OpenTTD Use-After-Free Multiple Remote Denial of Service Vulnerabilities
Source: VUPEN Type: Vendor Advisory ADV-2010-2985
Source: VUPEN Type: UNKNOWN ADV-2010-3199
Source: XF Type: UNKNOWN openttd-client-error-dos(63257)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable