CVE - CVE-2010-4168

CVE-ID
CVE-2010-4168	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (invalid write and daemon crash) by abruptly disconnecting during transmission of the map from the server, related to network/network_server.cpp; (2) remote attackers to cause a denial of service (invalid read and daemon crash) by abruptly disconnecting, related to network/network_server.cpp; and (3) remote servers to cause a denial of service (invalid read and application crash) by forcing a disconnection during the join process, related to network/network.cpp.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:42578 URL:http://secunia.com/advisories/42578 MISC:44844 URL:http://www.securityfocus.com/bid/44844 MISC:ADV-2010-2985 URL:~~http://www.vupen.com/english/advisories/2010/2985~~ (Obsolete source) MISC:ADV-2010-3199 URL:~~http://www.vupen.com/english/advisories/2010/3199~~ (Obsolete source) MISC:FEDORA-2010-18571 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052187.html MISC:FEDORA-2010-18572 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052193.html MISC:[oss-security] 20101114 CVE request for OpenTTD URL:http://marc.info/?l=oss-security&m=128975491407670&w=2 MISC:[oss-security] 20101115 Re: CVE request for OpenTTD URL:http://marc.info/?l=oss-security&m=128984298802678&w=2 MISC:http://security.openttd.org/en/CVE-2010-4168 URL:http://security.openttd.org/en/CVE-2010-4168 MISC:http://security.openttd.org/en/patch/28.patch URL:http://security.openttd.org/en/patch/28.patch MISC:http://vcs.openttd.org/svn/changeset/21182 URL:http://vcs.openttd.org/svn/changeset/21182
Assigning CNA
Red Hat, Inc.
Date Record Created
20101104	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20101104)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)