CVE-2010-0402
OpenTTD < 1.0.1 - Authenticated Remote Code Execution via Crafted In-Game Command
Title source: llmDescription
OpenTTD before 1.0.1 does not properly validate index values of certain items, which allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted in-game command.
References (2)
Core 2
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/39669
Vendor Advisory x_refsource_confirm
http://security.openttd.org/en/CVE-2010-0402
Scores
EPSS
0.0222
EPSS Percentile
80.5%
Details
CWE
CWE-94
Status
published
Products (28)
openttd/openttd
0.1.1
openttd/openttd
0.1.2
openttd/openttd
0.1.3
openttd/openttd
0.1.4
openttd/openttd
0.2.0
openttd/openttd
0.2.1
openttd/openttd
0.3.0
openttd/openttd
0.3.1
openttd/openttd
0.3.2
openttd/openttd
0.3.2.1
... and 18 more
Published
May 05, 2010
Tracked Since
Feb 18, 2026