Date: Thu, 28 Nov 2013 21:10:53 +0100 From: Rubidium <rubidium@...nttd.org> To: oss-security@...ts.openwall.com Subject: CVE request for OpenTTD Hello folks, the OpenTTD team and contributors have discovered several a security vulnerability in OpenTTD. Please be so kind to allocate a CVE id for the issues detailed below: Denial of service (server) using forcefully crashed aircrafts A missing validation allows remote attackers to cause a denial of service (crash) by forcefully crashing aircraft near the corner of the map. This triggers a corner case where data outside of the allocated map array is accessed. A test case, and simple guide how to reproduce it can be found in the issue in our bug tracker at http://bugs.openttd.org/task/5820 Vulnerability is present since 0.3.6 and will be fixed in the upcoming 1.3.3 release. Once the CVE id is allocated, the issue will be fully documented at http://security.openttd.org/en/CVE-2013-xxxx Thanks, Remko 'Rubidium' Bijker [Please CC me, I'm not subscribed.]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ