Launchpad CVE tracker

CVE 2010-2534

The NetworkSyncCommandQueue function in network/network_command.cpp in OpenTTD before 1.0.3 does not properly clear a pointer in a linked list, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted request, related to the client command queue.

Related bugs and status

CVE-2010-2534 (Candidate) is related to these bugs:

Bug #576396: Please update to 1.0.3

Summary				In	Importance	Status
	576396	Please update to 1.0.3		openttd (Ubuntu)	Medium	Fix Released

Bug #613765: Sync openttd 1.0.3-1 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	613765	Sync openttd 1.0.3-1 (universe) from Debian unstable (main)		openttd (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://bugs.openttd.or...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://www.securityfoc...
MISC: http://osvdb.org/66503
MISC: http://www.vupen.com/e...
MISC: http://www.vupen.com/e...
MISC: http://lists.fedorapro...
MISC: http://lists.fedorapro...
MISC: http://www.openwall.co...
MISC: http://bugs.openttd.or...
MISC: http://security.opentt...
MISC: https://exchange.xforc...

Launchpad.net

CVE 2010-2534

Related bugs and status

Related bugs

References