CVE-2008-3577 (GCVE-0-2008-3577)
Vulnerability from cvelistv5 – Published: 2008-08-10 21:00 – Updated: 2024-08-07 09:45
VLAI
Summary
Buffer overflow in src/openttd.cpp in OpenTTD before 0.6.2 allows local users to execute arbitrary code via a large filename supplied to the "-g" parameter in the ttd_main function. NOTE: it is unlikely that this issue would cross privilege boundaries in typical environments.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/34161 | third-party-advisoryx_refsource_SECUNIA |
| http://security.gentoo.org/glsa/glsa-200903-09.xml | vendor-advisoryx_refsource_GENTOO |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/30525 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2008/2285 | vdb-entryx_refsource_VUPEN |
| http://bugs.gentoo.org/show_bug.cgi?id=233929 | x_refsource_CONFIRM |
Date Public
2008-08-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:18.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34161",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34161"
},
{
"name": "GLSA-200903-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200903-09.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=617243"
},
{
"name": "openttd-ttdmain-bo(44436)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44436"
},
{
"name": "30525",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30525"
},
{
"name": "ADV-2008-2285",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2285"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=233929"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in src/openttd.cpp in OpenTTD before 0.6.2 allows local users to execute arbitrary code via a large filename supplied to the \"-g\" parameter in the ttd_main function. NOTE: it is unlikely that this issue would cross privilege boundaries in typical environments."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34161",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34161"
},
{
"name": "GLSA-200903-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200903-09.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=617243"
},
{
"name": "openttd-ttdmain-bo(44436)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44436"
},
{
"name": "30525",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30525"
},
{
"name": "ADV-2008-2285",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2285"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=233929"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in src/openttd.cpp in OpenTTD before 0.6.2 allows local users to execute arbitrary code via a large filename supplied to the \"-g\" parameter in the ttd_main function. NOTE: it is unlikely that this issue would cross privilege boundaries in typical environments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34161",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34161"
},
{
"name": "GLSA-200903-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200903-09.xml"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=617243",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=617243"
},
{
"name": "openttd-ttdmain-bo(44436)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44436"
},
{
"name": "30525",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30525"
},
{
"name": "ADV-2008-2285",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2285"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=233929",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=233929"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3577",
"datePublished": "2008-08-10T21:00:00.000Z",
"dateReserved": "2008-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:45:18.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2008-3577",
"date": "2026-06-02",
"epss": "0.0008",
"percentile": "0.23629"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"499EFCAE-9309-4C26-A846-10396CBC628D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6908E44D-3553-430D-B870-266971DC0D17\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEBDEF33-48E4-42F4-A725-838DA9191334\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"422B0D3E-503C-4CA6-83B9-4FC58BA898C6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46557BD6-66A0-4892-9468-687A4B63F5B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6A186C5E-ACAA-47C8-9FA0-133E9D7F2900\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24094775-BAF9-4C2E-8C38-86916E22B5A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7CF73FA-09F6-4CE5-932E-BA6B43D66F1B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"77E87583-5769-4114-94F7-043897DA0FC6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.3.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"718E8C39-A59C-4576-B00D-31A8F0C1762C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83B1A7D7-D920-41F3-8DE9-D39007DDDEFD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"327B826F-0F4E-420D-8C93-4551A4B9F190\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE12C455-5CA0-4581-A3F3-CC8867CCEEE3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5DC5E23E-3A14-49B4-A676-AAA96F25D01D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F65EA852-3C46-47D6-8D6B-DC3546165CC1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.4.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D4441B6D-1A48-4DD4-AAAB-FC3B5F00DE4A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.4.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"985D96E7-0BAE-46DF-A1E2-BD4585C6CABF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.4.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"73062670-5CB9-4AB8-B45D-21E0D557FD49\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.4.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"876A0BCB-F792-4A21-85AB-5D7D63C3E987\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97BFB677-F29E-451E-855A-452F8AE0A9D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.4.8:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"99308463-E1A6-4018-819E-29043BFE8886\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.4.8:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9E8C9AB-C303-4FB0-AD1D-C7EE4E93E347\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF5AEFDA-322E-49CD-AE94-82020B9B7AE2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.5.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"6AF50B50-ED50-4BCD-8BAE-9161911A0FCF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.5.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3485EF5-F3DF-4622-92D9-B092F46D5AFE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.5.0:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"12EB77E6-94D0-4980-B392-59ACABEDB8D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.5.0:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"3051AB9F-5C64-4D95-805F-8575B5BD39D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.5.0:rc5:*:*:*:*:*:*\", \"matchCriteriaId\": \"494DD878-5854-49DC-A0E1-2904D70582EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFD07BE5-47E4-47E6-B6A2-CEC2BCC3E383\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.5.1:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A5AA729-0198-4644-9810-E501C3C47EE0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.5.1:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D5EC680-4686-4C04-957E-B597A1563F1B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.5.1:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"F2C02877-6FE8-4C98-9AB6-5E4D1AC49FFF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"89325227-4E0A-49FA-83C1-D0D5E2CEF45D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.5.2:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"21763CB0-1FFA-4FF4-AA6F-47614E8BEEB5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A151DBA9-3A94-431F-BC22-C86E4268263B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.5.3:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"7246859E-A6CF-4617-A37A-BF17849D43F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.5.3:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"85FA63BC-2292-49F8-A0E1-34C8497236C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.5.3:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"78365F07-CF44-48FD-B048-2F510D147D0A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CBAD231-4365-4A5F-9FD8-1EE13F7FC8A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.6.0:beta1:*:*:*:*:*:*\", \"matchCriteriaId\": \"B052159B-4CFF-47DE-A1B7-35C467AD73BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.6.0:beta2:*:*:*:*:*:*\", \"matchCriteriaId\": \"BDF5228B-B99A-4E4E-A66F-59275A36B28E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.6.0:beta3:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E5F1FE7-ADCB-42AD-AB99-0F17AD8E2FE3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.6.0:beta4:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD6E4B8D-6C12-4053-A8D2-F64F92AF733A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.6.0:beta5:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B9BDCD3-85B9-4C17-B625-FC7F62450FB4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.6.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"8648A48E-BCF9-4B34-B1FF-16B780C2797D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B0C66D6-F933-43B1-8BC0-72625E70442C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.6.1:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"72070978-F3B9-46D6-A3FD-0932D751AD86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openttd:openttd:0.6.1:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D6483EA-FC98-4367-A34B-795F858815E6\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Buffer overflow in src/openttd.cpp in OpenTTD before 0.6.2 allows local users to execute arbitrary code via a large filename supplied to the \\\"-g\\\" parameter in the ttd_main function. NOTE: it is unlikely that this issue would cross privilege boundaries in typical environments.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de b\\u00fafer en src/openttd.cpp en OpenTTD anterior a 0.6.2, permite a usuarios locales ejecutar c\\u00f3digo de su elecci\\u00f3n a trav\\u00e9s de un nombre de archivo largo proporcionando el par\\u00e1metro \\\"-g\\\" en la funci\\u00f3n ttd_main. NOTA: es inveros\\u00edmil que esta cuesti\\u00f3n pueda sobrepasar los l\\u00edmites de privilegios en entornos t\\u00edpicos(est\\u00e1ndar).\"}]",
"id": "CVE-2008-3577",
"lastModified": "2024-11-21T00:49:35.237",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2008-08-10T21:41:00.000",
"references": "[{\"url\": \"http://bugs.gentoo.org/show_bug.cgi?id=233929\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/34161\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200903-09.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://sourceforge.net/project/shownotes.php?release_id=617243\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/30525\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2285\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/44436\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://bugs.gentoo.org/show_bug.cgi?id=233929\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/34161\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200903-09.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://sourceforge.net/project/shownotes.php?release_id=617243\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/30525\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2285\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/44436\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2008-3577\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-08-10T21:41:00.000\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in src/openttd.cpp in OpenTTD before 0.6.2 allows local users to execute arbitrary code via a large filename supplied to the \\\"-g\\\" parameter in the ttd_main function. NOTE: it is unlikely that this issue would cross privilege boundaries in typical environments.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer en src/openttd.cpp en OpenTTD anterior a 0.6.2, permite a usuarios locales ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un nombre de archivo largo proporcionando el par\u00e1metro \\\"-g\\\" en la funci\u00f3n ttd_main. NOTA: es inveros\u00edmil que esta cuesti\u00f3n pueda sobrepasar los l\u00edmites de privilegios en entornos t\u00edpicos(est\u00e1ndar).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"499EFCAE-9309-4C26-A846-10396CBC628D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6908E44D-3553-430D-B870-266971DC0D17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEBDEF33-48E4-42F4-A725-838DA9191334\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"422B0D3E-503C-4CA6-83B9-4FC58BA898C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46557BD6-66A0-4892-9468-687A4B63F5B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A186C5E-ACAA-47C8-9FA0-133E9D7F2900\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24094775-BAF9-4C2E-8C38-86916E22B5A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7CF73FA-09F6-4CE5-932E-BA6B43D66F1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77E87583-5769-4114-94F7-043897DA0FC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.3.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"718E8C39-A59C-4576-B00D-31A8F0C1762C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83B1A7D7-D920-41F3-8DE9-D39007DDDEFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"327B826F-0F4E-420D-8C93-4551A4B9F190\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE12C455-5CA0-4581-A3F3-CC8867CCEEE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DC5E23E-3A14-49B4-A676-AAA96F25D01D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F65EA852-3C46-47D6-8D6B-DC3546165CC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4441B6D-1A48-4DD4-AAAB-FC3B5F00DE4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"985D96E7-0BAE-46DF-A1E2-BD4585C6CABF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73062670-5CB9-4AB8-B45D-21E0D557FD49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"876A0BCB-F792-4A21-85AB-5D7D63C3E987\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97BFB677-F29E-451E-855A-452F8AE0A9D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.4.8:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"99308463-E1A6-4018-819E-29043BFE8886\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.4.8:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9E8C9AB-C303-4FB0-AD1D-C7EE4E93E347\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF5AEFDA-322E-49CD-AE94-82020B9B7AE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.5.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AF50B50-ED50-4BCD-8BAE-9161911A0FCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.5.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3485EF5-F3DF-4622-92D9-B092F46D5AFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.5.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"12EB77E6-94D0-4980-B392-59ACABEDB8D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.5.0:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"3051AB9F-5C64-4D95-805F-8575B5BD39D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.5.0:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"494DD878-5854-49DC-A0E1-2904D70582EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFD07BE5-47E4-47E6-B6A2-CEC2BCC3E383\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.5.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A5AA729-0198-4644-9810-E501C3C47EE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.5.1:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D5EC680-4686-4C04-957E-B597A1563F1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.5.1:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2C02877-6FE8-4C98-9AB6-5E4D1AC49FFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89325227-4E0A-49FA-83C1-D0D5E2CEF45D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.5.2:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"21763CB0-1FFA-4FF4-AA6F-47614E8BEEB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A151DBA9-3A94-431F-BC22-C86E4268263B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.5.3:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7246859E-A6CF-4617-A37A-BF17849D43F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.5.3:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"85FA63BC-2292-49F8-A0E1-34C8497236C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.5.3:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"78365F07-CF44-48FD-B048-2F510D147D0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CBAD231-4365-4A5F-9FD8-1EE13F7FC8A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.6.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B052159B-4CFF-47DE-A1B7-35C467AD73BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.6.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDF5228B-B99A-4E4E-A66F-59275A36B28E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.6.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E5F1FE7-ADCB-42AD-AB99-0F17AD8E2FE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.6.0:beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD6E4B8D-6C12-4053-A8D2-F64F92AF733A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.6.0:beta5:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B9BDCD3-85B9-4C17-B625-FC7F62450FB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.6.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8648A48E-BCF9-4B34-B1FF-16B780C2797D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B0C66D6-F933-43B1-8BC0-72625E70442C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.6.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"72070978-F3B9-46D6-A3FD-0932D751AD86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.6.1:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D6483EA-FC98-4367-A34B-795F858815E6\"}]}]}],\"references\":[{\"url\":\"http://bugs.gentoo.org/show_bug.cgi?id=233929\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/34161\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200903-09.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sourceforge.net/project/shownotes.php?release_id=617243\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/30525\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2285\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/44436\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://bugs.gentoo.org/show_bug.cgi?id=233929\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34161\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200903-09.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sourceforge.net/project/shownotes.php?release_id=617243\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/30525\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2285\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/44436\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…