CyberSec.Space Logo
Back to CVE Browser

CVE-2008-3576

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0350%
EPSS Percentile16.77th
PublishedAug 10, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Buffer overflow in the TruncateString function in src/gfx.cpp in OpenTTD before 0.6.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted string. NOTE: some of these details are obtained from third party information.

Affected Platforms (CPE)

πŸ“¦
Openttd

Openttd

<= 0.6.2-rc2
πŸ“¦
Openttd

Openttd

= 0.6.1
πŸ“¦
Openttd

Openttd

= 0.6.2-rc1

References & Advisories

πŸ”— http://bugs.gentoo.org/show_bug.cgi?id=233929
πŸ”— http://secunia.com/advisories/31350
πŸ”— http://secunia.com/advisories/34161
πŸ”— http://security.gentoo.org/glsa/glsa-200903-09.xml
πŸ”— http://sourceforge.net/project/shownotes.php?release_id=617243
πŸ”— http://www.openttd.org/index.php
πŸ”— http://www.securityfocus.com/bid/30525
πŸ”— http://www.vupen.com/english/advisories/2008/2285

Related Vulnerabilities

CVE-2008-35479.0

Buffer overflow in the server in OpenTTD 0.6.1 and earlier allows remote authenticated users to cause a denial of service (persist...

CVE-2005-27637.5

Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow remote attackers to cause a denial of service (crash) and p...

CVE-2005-27647.5

Multiple buffer overflows in OpenTTD before 0.4.0.1 allow attackers to cause a denial of service (crash) and possibly execute arbi...

CVE-2010-41687.5

Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (inv...