Quake 3 Engine Security Vulnerabilities and Issues — Quake 3 Engine CVE List

Lucene search

Id SoftwareQuake 3 Engine

9 matches found

CVE•added 2005/05/02 4:0 a.m.•55 views

CVE-2005-0983

Quake 3 engine, as used in multiple games, allows remote attackers to cause a denial of service (client disconnect) via a long message, which is not properly truncated and causes the engine to process the remaining data as if it were network data.

5CVSS7AI score0.0134EPSS

CVE•added 2006/05/08 11:2 p.m.•47 views

CVE-2006-2236

Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) Return to Castle Wolfenstein 1.41, and (3) Quake III Arena 1.32b allows remote attackers to execute arbitrary commands via a long remapShader command.

7.6CVSS7.5AI score0.01739EPSS

CVE•added 2005/02/16 5:0 a.m.•45 views

CVE-2005-0430

The Quake 3 engine, as used in multiple game packages, allows remote attackers to cause a denial of service (shutdown game server) and possibly crash the server via a long infostring, possibly triggering a buffer overflow.

5CVSS7.2AI score0.01568EPSS

CVE•added 2006/06/30 11:5 p.m.•40 views

CVE-2006-3325

client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake...

5CVSS6.7AI score0.04137EPSS

CVE•added 2006/07/06 8:5 p.m.•36 views

CVE-2006-3401

Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: Arena 1.32b and 1.32c allows remote attackers to cause a denial of service and possibly execute code via long CS_ITEMS values.

7.5CVSS7.9AI score0.05541EPSS

CVE•added 2006/05/10 2:18 a.m.•32 views

CVE-2006-2082

Directory traversal vulnerability in Quake 3 engine, as used in products including Quake3 Arena, Return to Castle Wolfenstein, Wolfenstein: Enemy Territory, and Star Trek Voyager: Elite Force, when the sv_allowdownload cvar is enabled, allows remote attackers to read arbitrary files from the server...

7.5CVSS6.7AI score0.00719EPSS

CVE•added 2006/06/07 12:2 a.m.•29 views

CVE-2006-2875

Stack-based buffer overflow in the CL_ParseDownload function of Quake 3 Engine 1.32c and earlier, as used in multiple products, allows remote attackers to execute arbitrary code via a svc_download command with compressed data that triggers the overflow during expansion.

7.5CVSS8.1AI score0.04453EPSS

CVE•added 2006/06/30 11:5 p.m.•29 views

CVE-2006-3324

The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer.

5CVSS6.8AI score0.02532EPSS

CVE•added 2006/07/06 8:5 p.m.•29 views

CVE-2006-3400

Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 allows remote attackers to cause a denial of service and possibly execute code by sending a long command from the server.

7.5CVSS8AI score0.02885EPSS