Openttd
CVE-2012-0048
MEDIUM
Severity by source
AV:N/AC:M/Au:N/C:N/I:N/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:M/Au:N/C:N/I:N/A:P
Lifecycle Timeline
1DescriptionCVE.org
OpenTTD 0.3.5 through 1.1.4 allows remote attackers to cause a denial of service (game pause) by connecting to the server and not finishing the (1) authorization phase or (2) map download, aka a "slow read" attack.
AnalysisAI
OpenTTD 0.3.5 through 1.1.4 allows remote attackers to cause a denial of service (game pause) by connecting to the server and not finishing the (1) authorization phase or (2) map download, aka a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-399. OpenTTD 0.3.5 through 1.1.4 allows remote attackers to cause a denial of service (game pause) by connecting to the server and not finishing the (1) authorization phase or (2) map download, aka a "slow read" attack. Affected products include: Openttd. Version information: through 1.1.4.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
OpenTTD 0.6.0 through 1.2.1 does not properly validate requests to clear a water tile, which allows remote attackers to
The HandleCrashedAircraft function in aircraft_cmd.cpp in OpenTTD 0.3.6 through 1.3.2 allows remote attackers to cause a
Same weakness CWE-399 – Resource Management Errors
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today