CVE-2012-0048

OpenTTD 0.3.5 through 1.1.4 allows remote attackers to cause a denial of service (game pause) by connecting to the server and not finishing the (1) authorization phase or (2) map download, aka a "slow read" attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
openttdopenttd
0.3.5
openttdopenttd
0.3.6
openttdopenttd
0.3.7
openttdopenttd
0.4.0
openttdopenttd
0.4.0.1
openttdopenttd
0.4.5
openttdopenttd
0.4.6
openttdopenttd
0.4.7
openttdopenttd
0.4.8
openttdopenttd
0.4.8:rc1
openttdopenttd
0.4.8:rc2
openttdopenttd
0.5.0
openttdopenttd
0.5.0:rc1
openttdopenttd
0.5.0:rc2
openttdopenttd
0.5.0:rc3
openttdopenttd
0.5.0:rc4
openttdopenttd
0.5.0:rc5
openttdopenttd
0.5.1
openttdopenttd
0.5.1:rc1
openttdopenttd
0.5.1:rc2
openttdopenttd
0.5.1:rc3
openttdopenttd
0.5.2
openttdopenttd
0.5.2:rc1
openttdopenttd
0.5.3
openttdopenttd
0.5.3:rc1
openttdopenttd
0.5.3:rc2
openttdopenttd
0.5.3:rc3
openttdopenttd
0.6.0
openttdopenttd
0.6.0:beta1
openttdopenttd
0.6.0:beta2
openttdopenttd
0.6.0:beta3
openttdopenttd
0.6.0:beta4
openttdopenttd
0.6.0:beta5
openttdopenttd
0.6.0:rc1
openttdopenttd
0.6.1
openttdopenttd
0.6.1:rc1
openttdopenttd
0.6.1:rc2
openttdopenttd
0.6.2
openttdopenttd
0.6.2:rc1
openttdopenttd
0.6.2:rc2
openttdopenttd
0.6.2-rc1
openttdopenttd
0.6.2-rc2
openttdopenttd
0.6.3
openttdopenttd
0.6.3:rc1
openttdopenttd
0.7.0
openttdopenttd
0.7.0:beta1
openttdopenttd
0.7.0:beta2
openttdopenttd
0.7.0:rc1
openttdopenttd
0.7.0:rc2
openttdopenttd
0.7.1
openttdopenttd
0.7.1:rc1
openttdopenttd
0.7.1:rc2
openttdopenttd
0.7.1:rc3
openttdopenttd
0.7.2
openttdopenttd
0.7.2:rc1
openttdopenttd
0.7.2:rc2
openttdopenttd
0.7.3
openttdopenttd
0.7.3:rc1
openttdopenttd
0.7.3:rc2
openttdopenttd
0.7.4
openttdopenttd
0.7.4:rc1
openttdopenttd
0.7.5
openttdopenttd
0.7.5:rc1
openttdopenttd
1.0.0
openttdopenttd
1.0.0:beta1
openttdopenttd
1.0.0:beta2
openttdopenttd
1.0.0:beta3
openttdopenttd
1.0.0:beta4
openttdopenttd
1.0.0:rc1
openttdopenttd
1.0.0:rc2
openttdopenttd
1.0.0:rc3
openttdopenttd
1.0.1
openttdopenttd
1.0.1:rc1
openttdopenttd
1.0.1:rc2
openttdopenttd
1.0.2
openttdopenttd
1.0.2:rc1
openttdopenttd
1.0.3
openttdopenttd
1.0.3:rc1
openttdopenttd
1.0.4
openttdopenttd
1.0.4:rc1
openttdopenttd
1.0.5
openttdopenttd
1.0.5:rc1
openttdopenttd
1.0.5:rc2
openttdopenttd
1.1.3
openttdopenttd
1.1.4
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openttd
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
not-affected
vivid
not-affected
utopic
not-affected
trusty
dne
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
ignored
oneiric
ignored
natty
ignored
lucid
ignored
hardy
ignored
Common Weakness Enumeration
References
http://bugs.openttd.org/task/4955
http://secunia.com/advisories/50137
http://security.openttd.org/en/CVE-2012-0049
http://vcs.openttd.org/svn/changeset/23764
http://www.debian.org/security/2012/dsa-2524
http://www.openwall.com/lists/oss-security/2012/01/07/2
http://www.openwall.com/lists/oss-security/2012/01/13/8
http://www.tt-forums.net/viewtopic.php?f=33&t=58073&hilit=pause#p989303
http://bugs.openttd.org/task/4955
http://secunia.com/advisories/50137
http://security.openttd.org/en/CVE-2012-0049
http://vcs.openttd.org/svn/changeset/23764
http://www.debian.org/security/2012/dsa-2524
http://www.openwall.com/lists/oss-security/2012/01/07/2
http://www.openwall.com/lists/oss-security/2012/01/13/8
http://www.tt-forums.net/viewtopic.php?f=33&t=58073&hilit=pause#p989303