Security tracker

This page lists all known vulnerabilities of OpenTTD with an explanation and patches for vulnerable versions.

The list given here is by no means a full list of vulnerabilities. Many vulnerabilities might have been fixed without us being aware that they were vulnerabilities in the first place. The list does contain all vulnerabilities that have a CVE number.

Even though we provide some patches for older versions, we advise using newer versions of OpenTTD.

| name | description | first vulnerable | first fixed | patches |
| --- | --- | --- | --- | --- |
| CVE-2013-6411 | Denial of service (server) using forcefully crashed aircraft. | 0.3.6 | 1.3.3 | 1.2.0 - 1.3.2.patch, 1.0.0 - 1.1.5.patch, 0.6.0 - 0.7.3.patch, 0.3.6 - 0.5.3.patch |
| CVE-2012-3436 | Denial of service (server) using ships on half tiles and landscaping. | 0.6.0 | 1.2.2 | 1.2.0 - 1.2.1.patch, 1.1.0 - 1.1.5.patch, 1.0.0 - 1.0.5.patch, 0.7.0 - 0.7.5.patch, 0.6.0 - 0.6.3.patch |
| CVE-2012-0049 | Denial of service (server) via slow read attack | 0.3.5 | 1.1.5 | 1.1.0 - 1.1.4.patch, 1.0.2 - 1.0.5.patch, 1.0.1 - 1.0.1.patch, 1.0.0 - 1.0.0.patch, 0.7.0 - 0.7.5.patch, 0.6.0 - 0.6.3.patch |
| CVE-2011-3343 | Multiple buffer overflows in validation of external data | 0.1.0 | 1.1.3 | 1.1.0 - 1.1.2.patch, 1.0.0 - 1.0.5.patch, 0.7.0 - 0.7.5.patch, 0.6.0 - 0.6.3.patch, 0.5.0 - 0.5.3.patch, 0.4.5 - 0.4.8.patch, 0.3.1 - 0.4.0.1.patch |
| CVE-2011-3342 | Buffer overflows in savegame loading | 0.1.0 | 1.1.3 | 1.1.2 - 1.1.2.patch, 1.1.0 - 1.1.1.patch, 1.0.5 - 1.0.5.patch, 1.0.0 - 1.0.4.patch, 0.7.0 - 0.7.5.patch, 0.6.0 - 0.6.3.patch, 0.5.0 - 0.5.3.patch |
| CVE-2011-3341 | Denial of service via improperly validated commands | 0.3.5 | 1.1.3 | 1.1.0 - 1.1.2.patch, 1.0.1 - 1.0.5.patch, 1.0.0 - 1.0.0.patch, 0.7.0 - 0.7.5.patch, 0.6.0 - 0.6.3.patch, 0.3.5 - 0.5.3.patch |
| CVE-2010-4168 | Denial of service (server/client) via invalid read | 1.0.0 | 1.0.5 | 1.0.0 - 1.0.4.patch |
| CVE-2010-2534 | Denial of service (server) via infinite loop | 1.0.1 | 1.0.3 | 1.0.1 - 1.0.2.patch |
| CVE-2010-0406 | Denial of service (server) via leaking file descriptors | 0.3.5 | 1.0.1 | 0.6.0 - 1.0.0.patch, 0.3.5 - 0.5.3.patch |
| CVE-2010-0402 | Denial of service via improperly validated commands | 0.3.5 | 1.0.1 | 1.0.0 - 1.0.0.patch, 0.7.0 - 0.7.5.patch, 0.6.0 - 0.6.3.patch |
| CVE-2010-0401 | Access restriction circumvention, remote crash | 0.3.5 | 1.0.1 | 0.7.0 - 1.0.0.patch, 0.6.0 - 0.6.3.patch, 0.5.1 - 0.5.3.patch, 0.3.5 - 0.5.0.patch |
| CVE-2009-4007 | Denial of service (server) using wagons and dual-headed engine | 0.6.0 | 0.7.5 | 0.6.0 - 0.7.4.patch |
| CVE-2008-3577 | Buffer overflow in "-g" parameter handling | 0.1.0 | 0.6.2 | 0.6.0 - 0.6.1.patch, 0.4.5 - 0.5.3.patch, 0.3.4 - 0.4.0.1.patch, 0.1.0 - 0.3.3.patch |
| CVE-2008-3576 | Buffer overflow in string truncation. | 0.4.5 | 0.6.2 | 0.6.0 - 0.6.1.patch, 0.5.0 - 0.5.3.patch, 0.4.5 - 0.4.8.patch |
| CVE-2008-3547 | Denial of service (server) via UDP request | 0.3.5 | 0.6.2 | 0.6.0 - 0.6.1.patch, 0.3.5 - 0.5.3.patch |
| CVE-2006-1999 | Denial of service (client) via UDP packet with incorrect size | 0.3.5 | 0.4.8 | 0.3.5 - 0.4.7.patch |
| CVE-2006-1998 | Denial of service (server) via invalid error number | 0.3.5 | 0.4.8 | 0.4.5 - 0.4.7.patch, 0.4.0 - 0.4.0.1.patch, 0.3.5 - 0.3.5.patch |
| CVE-2005-2764 | Multiple buffer overflows | 0.1.0 | 0.4.5 | 0.3.5 - 0.4.0.1.patch |
| CVE-2005-2763 | Multiple format string vulnerabilities | 0.3.5 | 0.4.5 | 0.4.0 - 0.4.0.1.patch, 0.3.5 - 0.3.5.patch |