CVE-2010-0402

OpenTTD < 1.0.1 - Authenticated Remote Code Execution via Crafted In-Game Command

Title source: llm
STIX 2.1

Description

OpenTTD before 1.0.1 does not properly validate index values of certain items, which allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted in-game command.

References (2)

Core 2
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39669
Vendor Advisory x_refsource_confirm
http://security.openttd.org/en/CVE-2010-0402

Scores

EPSS 0.0222
EPSS Percentile 80.5%

Details

CWE
CWE-94
Status published
Products (28)
openttd/openttd 0.1.1
openttd/openttd 0.1.2
openttd/openttd 0.1.3
openttd/openttd 0.1.4
openttd/openttd 0.2.0
openttd/openttd 0.2.1
openttd/openttd 0.3.0
openttd/openttd 0.3.1
openttd/openttd 0.3.2
openttd/openttd 0.3.2.1
... and 18 more
Published May 05, 2010
Tracked Since Feb 18, 2026