CVE - CVE-2010-2534

CVE-ID
CVE-2010-2534	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The NetworkSyncCommandQueue function in network/network_command.cpp in OpenTTD before 1.0.3 does not properly clear a pointer in a linked list, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted request, related to the client command queue.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:40630 URL:http://secunia.com/advisories/40630 MISC:40760 URL:http://secunia.com/advisories/40760 MISC:41804 URL:http://www.securityfocus.com/bid/41804 MISC:66503 URL:~~http://osvdb.org/66503~~ (Obsolete source) MISC:ADV-2010-1888 URL:~~http://www.vupen.com/english/advisories/2010/1888~~ (Obsolete source) MISC:ADV-2010-1916 URL:~~http://www.vupen.com/english/advisories/2010/1916~~ (Obsolete source) MISC:FEDORA-2010-11401 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044516.html MISC:FEDORA-2010-11450 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044565.html MISC:[oss-security] 20100720 CVE request for OpenTTD URL:http://www.openwall.com/lists/oss-security/2010/07/20/1 MISC:http://bugs.openttd.org/task/3909 URL:http://bugs.openttd.org/task/3909 MISC:http://bugs.openttd.org/task/3909/getfile/6237/loop_fix.patch URL:http://bugs.openttd.org/task/3909/getfile/6237/loop_fix.patch MISC:http://security.openttd.org/en/CVE-2010-2534 URL:http://security.openttd.org/en/CVE-2010-2534 MISC:openttd-networksynccommandqueue-dos(60568) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/60568
Assigning CNA
Red Hat, Inc.
Date Record Created
20100630	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20100630)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)