Id Software » Quake Ii Server : Security Vulnerabilities, CVEs,

CVE-2004-2597

Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an "ip" key/value pair but is also long enough to cause a new key/value pair to be truncated, which interferes with the server's ability to find the client's IP address.
Max CVSS
5.0
EPSS Score
3.20%
Published
2004-12-31
Updated
2017-07-11

CVE-2004-2596

Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (exhaustion of connection slots) via a large number of connections from the same IP address.
Max CVSS
5.0
EPSS Score
2.64%
Published
2004-12-31
Updated
2017-07-11

CVE-2004-2593

Buffer overflow in command-packet processing of Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a packet with a long cmd_args buffer.
Max CVSS
7.5
EPSS Score
9.30%
Published
2004-12-31
Updated
2017-07-11

CVE-2004-2592

Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a modified client that asks the server to send data stored at a negative array offset, which is not handled when processing Configstrings and Baselines.
Max CVSS
5.0
EPSS Score
12.55%
Published
2004-12-31
Updated
2017-07-11
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close