CVE-2011-3342
OpenTTD < 1.1.3 - Remote Code Execution via Savegame Chunk Loading
Title source: llmDescription
Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors related to (1) NAME, (2) PLYR, (3) CHTS, or (4) AIPL (aka AI config) chunk loading from a savegame.
References (9)
Core 9
Core References
Various Sources x_refsource_confirm
http://security.openttd.org/en/CVE-2011-3342
Patch x_refsource_confirm
http://bugs.openttd.org/task/4748
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066128.html
Patch x_refsource_confirm
http://bugs.openttd.org/task/4717
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/46075
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2012/dsa-2386
Patch mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/09/02/4
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/49439
Patch mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/09/06/2
Scores
EPSS
0.0501
EPSS Percentile
91.2%
Details
CWE
CWE-119
Status
published
Products (28)
openttd/openttd
0.1.1
openttd/openttd
0.1.2
openttd/openttd
0.1.3
openttd/openttd
0.1.4
openttd/openttd
0.2.0
openttd/openttd
0.2.1
openttd/openttd
0.3.0
openttd/openttd
0.3.1
openttd/openttd
0.3.2
openttd/openttd
0.3.2.1
... and 18 more
Published
Sep 08, 2011
Tracked Since
Feb 18, 2026