FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  482553
Date:      2018-10-20
Time:      14:57:16Z
Committer: sunpoet

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
9bad5ab1-f3f6-11e0-8b5c-b482fe3f522dOpenTTD -- Multiple buffer overflows in validation of external data

The OpenTTD Team reports:

Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to cause a denial of service (daemon crash) or possibly gain privileges via (1) a crafted BMP file with RLE compression or (2) crafted dimensions in a BMP file.


Discovery 2011-08-25
Entry 2011-10-16
openttd
ge 0.1.0 lt 1.1.3

CVE-2011-3343
http://security.openttd.org/en/CVE-2011-3343
e77befb5-f3f9-11e0-8b5c-b482fe3f522dOpenTTD -- Denial of service via improperly validated commands

The OpenTTD Team reports:

Multiple off-by-one errors in order_cmd.cpp in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted CMD_INSERT_ORDER command.


Discovery 2011-08-25
Entry 2011-10-16
openttd
ge 0.3.5 lt 1.1.3

CVE-2011-3341
http://security.openttd.org/en/CVE-2011-3341
78c25ed7-f3f9-11e0-8b5c-b482fe3f522dOpenTTD -- Buffer overflows in savegame loading

The OpenTTD Team reports:

Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors related to (1) NAME, (2) PLYR, (3) CHTS, or (4) AIPL (aka AI config) chunk loading from a savegame.


Discovery 2011-08-08
Entry 2011-10-16
openttd
ge 0.1.0 lt 1.1.3

CVE-2011-3342
http://security.openttd.org/en/CVE-2011-3342
e77befb5-f3f9-11e0-8b5c-b482fe3f522dOpenTTD -- Denial of service via improperly validated commands

The OpenTTD Team reports:

Multiple off-by-one errors in order_cmd.cpp in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted CMD_INSERT_ORDER command.


Discovery 2011-08-25
Entry 2011-10-16
openttd
ge 0.3.5 lt 1.1.3

CVE-2011-3341
http://security.openttd.org/en/CVE-2011-3341
78c25ed7-f3f9-11e0-8b5c-b482fe3f522dOpenTTD -- Buffer overflows in savegame loading

The OpenTTD Team reports:

Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors related to (1) NAME, (2) PLYR, (3) CHTS, or (4) AIPL (aka AI config) chunk loading from a savegame.


Discovery 2011-08-08
Entry 2011-10-16
openttd
ge 0.1.0 lt 1.1.3

CVE-2011-3342
http://security.openttd.org/en/CVE-2011-3342
0f62be39-e8e0-11e1-bea0-002354ed89bcOpenTTD -- Denial of Service

The OpenTTD Team reports:

Denial of service (server) using ships on half tiles and landscaping.


Discovery 2012-07-25
Entry 2012-08-18
openttd
le 1.2.1

CVE-2012-3436
http://security.openttd.org/en/CVE-2012-3436
9bad5ab1-f3f6-11e0-8b5c-b482fe3f522dOpenTTD -- Multiple buffer overflows in validation of external data

The OpenTTD Team reports:

Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to cause a denial of service (daemon crash) or possibly gain privileges via (1) a crafted BMP file with RLE compression or (2) crafted dimensions in a BMP file.


Discovery 2011-08-25
Entry 2011-10-16
openttd
ge 0.1.0 lt 1.1.3

CVE-2011-3343
http://security.openttd.org/en/CVE-2011-3343
1ac858b0-3fae-11e1-a127-0013d3ccd9dfOpenTTD -- Denial of service (server) via slow read attack

The OpenTTD Team reports:

Using a slow read type attack it is possible to prevent anyone from joining a server with virtually no resources. Once downloading the map no other downloads of the map can start, so downloading really slowly will prevent others from joining. This can be further aggravated by the pause-on-join setting in which case the game is paused and the players cannot continue the game during such an attack. This attack requires that the user is not banned and passes the authorization to the server, although for many servers there is no server password and thus authorization is easy.


Discovery 2012-01-06
Entry 2012-01-16
openttd
ge 0.3.5 lt 1.1.5

CVE-2012-0049
http://security.openttd.org/en/CVE-2012-0049
d2073237-5b52-11e3-80f7-c86000cbc6ecOpenTTD -- Denial of service using forcefully crashed aircrafts

The OpenTTD Team reports:

The problem is caused by incorrectly handling the fact that the aircraft circling the corner airport will be outside of the bounds of the map. In the 'out of fuel' crash code the height of the tile under the aircraft is determined. In this case that means a tile outside of the allocated map array, which could occasionally trigger invalid reads.


Discovery 2013-11-28
Entry 2013-11-28
openttd
ge 0.3.6 lt 1.3.3

CVE-2013-6411
https://security.openttd.org/en/CVE-2013-6411
http://bugs.openttd.org/task/5820
http://vcs.openttd.org/svn/changeset/26134
1ac858b0-3fae-11e1-a127-0013d3ccd9dfOpenTTD -- Denial of service (server) via slow read attack

The OpenTTD Team reports:

Using a slow read type attack it is possible to prevent anyone from joining a server with virtually no resources. Once downloading the map no other downloads of the map can start, so downloading really slowly will prevent others from joining. This can be further aggravated by the pause-on-join setting in which case the game is paused and the players cannot continue the game during such an attack. This attack requires that the user is not banned and passes the authorization to the server, although for many servers there is no server password and thus authorization is easy.


Discovery 2012-01-06
Entry 2012-01-16
openttd
ge 0.3.5 lt 1.1.5

CVE-2012-0049
http://security.openttd.org/en/CVE-2012-0049