Multiple format string vulnerabilities in the ID Software Doom 3 engine, as used by Doom 3 1.3.1 and earlier, Quake 4 1.4.2 and earlier, and Prey 1.3 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a PB_Y packet to the YPG server or (2) a PB_U packet to UCON. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain.
Max CVSS
9.3
EPSS Score
23.64%
Published
2007-10-06
Updated
2018-10-15
Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: Arena 1.32b and 1.32c allows remote attackers to cause a denial of service and possibly execute code via long CS_ITEMS values.
Max CVSS
7.5
EPSS Score
10.35%
Published
2006-07-06
Updated
2017-10-19
Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 allows remote attackers to cause a denial of service and possibly execute code by sending a long command from the server.
Max CVSS
7.5
EPSS Score
4.50%
Published
2006-07-06
Updated
2017-10-19
client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. NOTE: this can be combined with another vulnerability to overwrite arbitrary files.
Max CVSS
5.0
EPSS Score
0.72%
Published
2006-06-30
Updated
2018-10-18
The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer.
Max CVSS
5.0
EPSS Score
0.62%
Published
2006-06-30
Updated
2018-10-18
Stack-based buffer overflow in the CL_ParseDownload function of Quake 3 Engine 1.32c and earlier, as used in multiple products, allows remote attackers to execute arbitrary code via a svc_download command with compressed data that triggers the overflow during expansion.
Max CVSS
7.5
EPSS Score
16.74%
Published
2006-06-07
Updated
2018-10-18
Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) Return to Castle Wolfenstein 1.41, and (3) Quake III Arena 1.32b allows remote attackers to execute arbitrary commands via a long remapShader command.
Max CVSS
7.6
EPSS Score
5.64%
Published
2006-05-08
Updated
2018-10-18
Directory traversal vulnerability in Quake 3 engine, as used in products including Quake3 Arena, Return to Castle Wolfenstein, Wolfenstein: Enemy Territory, and Star Trek Voyager: Elite Force, when the sv_allowdownload cvar is enabled, allows remote attackers to read arbitrary files from the server via ".." sequences in a .pk3 file request.
Max CVSS
7.5
EPSS Score
1.10%
Published
2006-05-10
Updated
2018-10-18
Quake 3 engine, as used in multiple games, allows remote attackers to cause a denial of service (client disconnect) via a long message, which is not properly truncated and causes the engine to process the remaining data as if it were network data.
Max CVSS
5.0
EPSS Score
1.66%
Published
2005-05-02
Updated
2016-10-18
The Quake 3 engine, as used in multiple game packages, allows remote attackers to cause a denial of service (shutdown game server) and possibly crash the server via a long infostring, possibly triggering a buffer overflow.
Max CVSS
5.0
EPSS Score
3.42%
Published
2005-02-12
Updated
2016-10-18
Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an "ip" key/value pair but is also long enough to cause a new key/value pair to be truncated, which interferes with the server's ability to find the client's IP address.
Max CVSS
5.0
EPSS Score
3.20%
Published
2004-12-31
Updated
2017-07-11
Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (exhaustion of connection slots) via a large number of connections from the same IP address.
Max CVSS
5.0
EPSS Score
2.64%
Published
2004-12-31
Updated
2017-07-11
Absolute path traversal vulnerability in Quake II server before R1Q2 on Linux, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a download command with a full pathname for a directory in the argument, which causes the server to crash when it cannot read data.
Max CVSS
5.0
EPSS Score
6.61%
Published
2004-12-31
Updated
2017-07-11
Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote attackers to read arbitrary files via a "\/" in a pathname argument, as demonstrated by "download \/server.cfg".
Max CVSS
5.0
EPSS Score
1.16%
Published
2004-12-31
Updated
2017-07-11
Buffer overflow in command-packet processing of Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a packet with a long cmd_args buffer.
Max CVSS
7.5
EPSS Score
9.30%
Published
2004-12-31
Updated
2017-07-11
Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a modified client that asks the server to send data stored at a negative array offset, which is not handled when processing Configstrings and Baselines.
Max CVSS
5.0
EPSS Score
12.55%
Published
2004-12-31
Updated
2017-07-11
Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand "$" macros, which causes the server to expand the macros and leak the information, as demonstrated using "say $rcon_password."
Max CVSS
5.0
EPSS Score
4.37%
Published
2002-08-12
Updated
2008-09-05
Quake 3 arena 1.29f and 1.29g allows remote attackers to cause a denial of service (crash) via a malformed connection packet that begins with several char-255 characters.
Max CVSS
5.0
EPSS Score
1.06%
Published
2001-07-29
Updated
2008-09-10
Quake 1 (quake1) and ProQuake 1.01 and earlier allow remote attackers to cause a denial of service via a malformed (empty) UDP packet.
Max CVSS
5.0
EPSS Score
0.94%
Published
2000-11-01
Updated
2017-10-10
Quake3 Arena allows malicious server operators to read or modify files on a client via a dot dot (..) attack.
Max CVSS
6.4
EPSS Score
0.26%
Published
2000-05-03
Updated
2008-09-10
Quake 1 and NetQuake servers allow remote attackers to cause a denial of service (resource exhaustion or forced disconnection) via a flood of spoofed UDP connection packets, which exceeds the server's player limit.
Max CVSS
5.0
EPSS Score
3.42%
Published
2001-07-17
Updated
2017-12-19
Buffer overflow in QuakeWorld 2.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary commands via a long initial connect packet.
Max CVSS
7.5
EPSS Score
0.55%
Published
1998-04-07
Updated
2016-10-18
Buffer overflows in Quake 1.9 client allows remote malicious servers to execute arbitrary commands via long (1) precache paths, (2) server name, (3) server address, or (4) argument to the map console command.
Max CVSS
7.5
EPSS Score
0.55%
Published
1998-04-08
Updated
2016-10-18
Quake 2 server allows remote attackers to cause a denial of service via a spoofed UDP packet with a source address of 127.0.0.1, which causes the server to attempt to connect to itself.
Max CVSS
5.0
EPSS Score
0.25%
Published
1997-12-24
Updated
2017-12-19
Quake 2 server 3.13 on Linux does not properly check file permissions for the config.cfg configuration file, which allows local users to read arbitrary files via a symlink from config.cfg to the target file.
Max CVSS
2.1
EPSS Score
0.05%
Published
1998-02-25
Updated
2017-12-19
25 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!