CVE-2008-3576 (vulnerable 0.4.5 - fixed 0.6.2)

Short description: Buffer overflow in string truncation.

Official CVE-2008-3576 entry at cve.mitre.org.

Related bug reports:

Related commits:

Patches: (sometimes more fuzz is needed to apply them)

Buffer overflow in the TruncateString function allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted string.

Triggering this bug requires a custom language file that is large enough to exceed the size of the buffer. No released version of OpenTTD has had strings nearly long enough to trigger it.