FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenTTD -- Denial of service using forcefully crashed aircrafts

Affected packages
0.3.6 <= openttd < 1.3.3

Details

VuXML ID d2073237-5b52-11e3-80f7-c86000cbc6ec
Discovery 2013-11-28
Entry 2013-11-28

The OpenTTD Team reports:

The problem is caused by incorrectly handling the fact that the aircraft circling the corner airport will be outside of the bounds of the map. In the 'out of fuel' crash code the height of the tile under the aircraft is determined. In this case that means a tile outside of the allocated map array, which could occasionally trigger invalid reads.

References

CVE Name CVE-2013-6411
URL http://bugs.openttd.org/task/5820
URL http://vcs.openttd.org/svn/changeset/26134
URL https://security.openttd.org/en/CVE-2013-6411