CVE-2010-4168

Name	CVE-2010-4168
Description	Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (invalid write and daemon crash) by abruptly disconnecting during transmission of the map from the server, related to network/network_server.cpp; (2) remote attackers to cause a denial of service (invalid read and daemon crash) by abruptly disconnecting, related to network/network_server.cpp; and (3) remote servers to cause a denial of service (invalid read and application crash) by forcing a disconnection during the join process, related to network/network.cpp.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs	603752

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
openttd (PTS)	bullseye	1.10.3-1	fixed
	bookworm	13.0-2	fixed
	sid	14.1-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
openttd	source	lenny	(not affected)
openttd	source	(unstable)	1.0.4-3			603752

[lenny] - openttd <not-affected> (Introduced in 1.0)