CVE-2011-3342

OpenTTD < 1.1.3 - Remote Code Execution via Savegame Chunk Loading

Title source: llm
STIX 2.1

Description

Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors related to (1) NAME, (2) PLYR, (3) CHTS, or (4) AIPL (aka AI config) chunk loading from a savegame.

References (9)

Core 9
Core References
Various Sources x_refsource_confirm
http://security.openttd.org/en/CVE-2011-3342
Patch x_refsource_confirm
http://bugs.openttd.org/task/4748
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066128.html
Patch x_refsource_confirm
http://bugs.openttd.org/task/4717
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/46075
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2386
Patch mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/09/02/4
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/49439
Patch mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/09/06/2

Scores

EPSS 0.0501
EPSS Percentile 91.2%

Details

CWE
CWE-119
Status published
Products (28)
openttd/openttd 0.1.1
openttd/openttd 0.1.2
openttd/openttd 0.1.3
openttd/openttd 0.1.4
openttd/openttd 0.2.0
openttd/openttd 0.2.1
openttd/openttd 0.3.0
openttd/openttd 0.3.1
openttd/openttd 0.3.2
openttd/openttd 0.3.2.1
... and 18 more
Published Sep 08, 2011
Tracked Since Feb 18, 2026