Candidate: CVE-2010-2534
PublicDate: 2010-07-28 12:48:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2534
Description:
 The NetworkSyncCommandQueue function in network/network_command.cpp in
 OpenTTD before 1.0.3 does not properly clear a pointer in a linked list,
 which allows remote attackers to cause a denial of service (infinite loop
 and CPU consumption) via a crafted request, related to the client command
 queue.
Ubuntu-Description:
Notes:
  sbeattie> upstream claims the first vulnerable version is 1.0.1
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_openttd:
  upstream: http://security.openttd.org/en/patch/27.patch
upstream_openttd: released (1.0.3)
dapper_openttd: DNE
hardy_openttd: not-affected (0.6.0-2)
jaunty_openttd: not-affected (0.6.3-1)
karmic_openttd: not-affected (0.7.1-1)
lucid_openttd: not-affected (1.0.0-2)
devel_openttd: not-affected (1.0.3-1)