SB2019110733 - Resource exhaustion in openttd.com OpenTTD

Description

This security bulletin contains information about 1 security vulnerability.

1) Resource exhaustion (CVE-ID: CVE-2012-0049)

The vulnerability allows a remote authenticated user to perform service disruption.

OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server.

Remediation

Install update from vendor's website.

References

• http://security.openttd.org/en/CVE-2012-0049
• http://www.debian.org/security/2012/dsa-2524
• http://www.openwall.com/lists/oss-security/2012/01/13/9
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0049
• https://security-tracker.debian.org/tracker/CVE-2012-0049