CVE-2010-0402

2010-05-0513:22:54

Debian Security Bug Tracker

security-tracker.debian.org

openttd

remote code execution

denial of service

crafted command

unix

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS

0.004

Percentile

74.1%

JSON

OpenTTD before 1.0.1 does not properly validate index values of certain items, which allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted in-game command.

OSVersionArchitecturePackageVersionFilename
Debian12allopenttd< 1.0.1-1openttd_1.0.1-1_all.deb
Debian11allopenttd< 1.0.1-1openttd_1.0.1-1_all.deb
Debian999allopenttd< 1.0.1-1openttd_1.0.1-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	openttd	< 1.0.1-1	openttd_1.0.1-1_all.deb
Debian	11	all	openttd	< 1.0.1-1	openttd_1.0.1-1_all.deb
Debian	999	all	openttd	< 1.0.1-1	openttd_1.0.1-1_all.deb