Short description: Buffer overflow in string truncation.
Related bug reports:
Patches: (sometimes more fuzz is needed to apply them)
- For version 0.4.5 up to and including 0.4.8
- For version 0.5.0 up to and including 0.5.3
- For version 0.6.0 up to and including 0.6.1
Buffer overflow in the TruncateString function allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted string.
To trigger this bug, a custom language file is needed that is large enough to exceed the size of the buffer. No released version of OpenTTD has had strings nearly long enough to trigger this.