CVE-2013-6411
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
Confidence
High
EPSS
Percentile
92.7%
The HandleCrashedAircraft function in aircraft_cmd.cpp in OpenTTD 0.3.6 through 1.3.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) by crashing an aircraft outside of the map.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| openttd | openttd | 0.3.6 | cpe:2.3:a:openttd:openttd:0.3.6:*:*:*:*:*:*:* |
| openttd | openttd | 0.4.0 | cpe:2.3:a:openttd:openttd:0.4.0:*:*:*:*:*:*:* |
| openttd | openttd | 0.4.0.1 | cpe:2.3:a:openttd:openttd:0.4.0.1:*:*:*:*:*:*:* |
| openttd | openttd | 0.4.5 | cpe:2.3:a:openttd:openttd:0.4.5:*:*:*:*:*:*:* |
| openttd | openttd | 0.4.6 | cpe:2.3:a:openttd:openttd:0.4.6:*:*:*:*:*:*:* |
| openttd | openttd | 0.4.7 | cpe:2.3:a:openttd:openttd:0.4.7:*:*:*:*:*:*:* |
| openttd | openttd | 0.4.8 | cpe:2.3:a:openttd:openttd:0.4.8:*:*:*:*:*:*:* |
| openttd | openttd | 0.5.0 | cpe:2.3:a:openttd:openttd:0.5.0:*:*:*:*:*:*:* |
| openttd | openttd | 0.5.1 | cpe:2.3:a:openttd:openttd:0.5.1:*:*:*:*:*:*:* |
| openttd | openttd | 0.5.2 | cpe:2.3:a:openttd:openttd:0.5.2:*:*:*:*:*:*:* |
References
bugs.openttd.org/task/5820
lists.opensuse.org/opensuse-updates/2013-12/msg00095.html
seclists.org/oss-sec/2013/q4/375
secunia.com/advisories/55589
secunia.com/advisories/56218
vcs.openttd.org/svn/changeset/26134
www.securityfocus.com/bid/64003
exchange.xforce.ibmcloud.com/vulnerabilities/89334
security.openttd.org/en/CVE-2013-6411
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
Confidence
High
EPSS
Percentile
92.7%