Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
50 vulnerabilities by id_software
CVE-2007-5248 (GCVE-0-2007-5248)
Vulnerability from nvd – Published: 2007-10-06 17:00 – Updated: 2024-08-07 15:24
VLAI
Summary
Multiple format string vulnerabilities in the ID Software Doom 3 engine, as used by Doom 3 1.3.1 and earlier, Quake 4 1.4.2 and earlier, and Prey 1.3 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a PB_Y packet to the YPG server or (2) a PB_U packet to UCON. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/27023 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/27002 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2007/3333 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/27036 | third-party-advisoryx_refsource_SECUNIA |
| http://aluigi.altervista.org/adv/d3engfspb-adv.txt | x_refsource_MISC |
| http://www.securityfocus.com/bid/25893 | vdb-entryx_refsource_BID |
| http://aluigi.org/poc/d3engfspb.zip | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/481229/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/3196 | third-party-advisoryx_refsource_SREASON |
Date Public
2007-10-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:24:42.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27023",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27023"
},
{
"name": "27002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27002"
},
{
"name": "doom3engine-punkbuster-format-string(36899)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36899"
},
{
"name": "ADV-2007-3333",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3333"
},
{
"name": "27036",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27036"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/d3engfspb-adv.txt"
},
{
"name": "25893",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25893"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.org/poc/d3engfspb.zip"
},
{
"name": "20071001 Format string in the Doom 3 engine through PB",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/481229/100/0/threaded"
},
{
"name": "3196",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3196"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple format string vulnerabilities in the ID Software Doom 3 engine, as used by Doom 3 1.3.1 and earlier, Quake 4 1.4.2 and earlier, and Prey 1.3 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a PB_Y packet to the YPG server or (2) a PB_U packet to UCON. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27023",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27023"
},
{
"name": "27002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27002"
},
{
"name": "doom3engine-punkbuster-format-string(36899)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36899"
},
{
"name": "ADV-2007-3333",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3333"
},
{
"name": "27036",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27036"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/d3engfspb-adv.txt"
},
{
"name": "25893",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25893"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.org/poc/d3engfspb.zip"
},
{
"name": "20071001 Format string in the Doom 3 engine through PB",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/481229/100/0/threaded"
},
{
"name": "3196",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3196"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple format string vulnerabilities in the ID Software Doom 3 engine, as used by Doom 3 1.3.1 and earlier, Quake 4 1.4.2 and earlier, and Prey 1.3 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a PB_Y packet to the YPG server or (2) a PB_U packet to UCON. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27023",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27023"
},
{
"name": "27002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27002"
},
{
"name": "doom3engine-punkbuster-format-string(36899)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36899"
},
{
"name": "ADV-2007-3333",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3333"
},
{
"name": "27036",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27036"
},
{
"name": "http://aluigi.altervista.org/adv/d3engfspb-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/d3engfspb-adv.txt"
},
{
"name": "25893",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25893"
},
{
"name": "http://aluigi.org/poc/d3engfspb.zip",
"refsource": "MISC",
"url": "http://aluigi.org/poc/d3engfspb.zip"
},
{
"name": "20071001 Format string in the Doom 3 engine through PB",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/481229/100/0/threaded"
},
{
"name": "3196",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3196"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5248",
"datePublished": "2007-10-06T17:00:00.000Z",
"dateReserved": "2007-10-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:24:42.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3400 (GCVE-0-2006-3400)
Vulnerability from nvd – Published: 2006-07-06 20:00 – Updated: 2024-08-07 18:30
VLAI
Summary
Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 allows remote attackers to cause a denial of service and possibly execute code by sending a long command from the server.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://www.exploit-db.com/exploits/1976 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/20946 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/18777 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2006/2657 | vdb-entryx_refsource_VUPEN |
Date Public
2006-07-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:32.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "quake3-cgservercommand-bo(27614)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27614"
},
{
"name": "1976",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/1976"
},
{
"name": "20946",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20946"
},
{
"name": "18777",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18777"
},
{
"name": "ADV-2006-2657",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2657"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 allows remote attackers to cause a denial of service and possibly execute code by sending a long command from the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "quake3-cgservercommand-bo(27614)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27614"
},
{
"name": "1976",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/1976"
},
{
"name": "20946",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20946"
},
{
"name": "18777",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18777"
},
{
"name": "ADV-2006-2657",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2657"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 allows remote attackers to cause a denial of service and possibly execute code by sending a long command from the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "quake3-cgservercommand-bo(27614)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27614"
},
{
"name": "1976",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1976"
},
{
"name": "20946",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20946"
},
{
"name": "18777",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18777"
},
{
"name": "ADV-2006-2657",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2657"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3400",
"datePublished": "2006-07-06T20:00:00.000Z",
"dateReserved": "2006-07-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:30:32.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3401 (GCVE-0-2006-3401)
Vulnerability from nvd – Published: 2006-07-06 20:00 – Updated: 2024-08-07 18:30
VLAI
Summary
Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: Arena 1.32b and 1.32c allows remote attackers to cause a denial of service and possibly execute code via long CS_ITEMS values.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/20946 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/20961 | third-party-advisoryx_refsource_SECUNIA |
| https://www.exploit-db.com/exploits/1977 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/18777 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2006/2657 | vdb-entryx_refsource_VUPEN |
| http://www.vupen.com/english/advisories/2006/2684 | vdb-entryx_refsource_VUPEN |
Date Public
2006-07-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:32.870Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20946",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20946"
},
{
"name": "20961",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20961"
},
{
"name": "1977",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/1977"
},
{
"name": "18777",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18777"
},
{
"name": "quake3-csitem-bo(27616)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27616"
},
{
"name": "ADV-2006-2657",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2657"
},
{
"name": "ADV-2006-2684",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2684"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: Arena 1.32b and 1.32c allows remote attackers to cause a denial of service and possibly execute code via long CS_ITEMS values."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20946",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20946"
},
{
"name": "20961",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20961"
},
{
"name": "1977",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/1977"
},
{
"name": "18777",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18777"
},
{
"name": "quake3-csitem-bo(27616)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27616"
},
{
"name": "ADV-2006-2657",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2657"
},
{
"name": "ADV-2006-2684",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2684"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: Arena 1.32b and 1.32c allows remote attackers to cause a denial of service and possibly execute code via long CS_ITEMS values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20946",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20946"
},
{
"name": "20961",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20961"
},
{
"name": "1977",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1977"
},
{
"name": "18777",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18777"
},
{
"name": "quake3-csitem-bo(27616)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27616"
},
{
"name": "ADV-2006-2657",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2657"
},
{
"name": "ADV-2006-2684",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2684"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3401",
"datePublished": "2006-07-06T20:00:00.000Z",
"dateReserved": "2006-07-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:30:32.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3324 (GCVE-0-2006-3324)
Vulnerability from nvd – Published: 2006-06-30 23:00 – Updated: 2024-08-07 18:23
VLAI
Summary
The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://svn.icculus.org/quake3?rev=804&view=rev | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/438660/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/438515/100… | mailing-listx_refsource_BUGTRAQ |
| http://aluigi.altervista.org/adv/q3cfilevar-adv.txt | x_refsource_MISC |
| http://www.securityfocus.com/bid/18685 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/20851 | third-party-advisoryx_refsource_SECUNIA |
| http://securityreason.com/securityalert/1171 | third-party-advisoryx_refsource_SREASON |
| http://secunia.com/advisories/20401 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2006/2569 | vdb-entryx_refsource_VUPEN |
Date Public
2006-06-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:23:21.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.icculus.org/quake3?rev=804\u0026view=rev"
},
{
"name": "20060628 Re: Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438660/100/0/threaded"
},
{
"name": "20060627 Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438515/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/q3cfilevar-adv.txt"
},
{
"name": "18685",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18685"
},
{
"name": "20851",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20851"
},
{
"name": "1171",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1171"
},
{
"name": "20401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20401"
},
{
"name": "quake3-cvar-file-overwrite(27486)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27486"
},
{
"name": "ADV-2006-2569",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2569"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.icculus.org/quake3?rev=804\u0026view=rev"
},
{
"name": "20060628 Re: Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438660/100/0/threaded"
},
{
"name": "20060627 Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438515/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/q3cfilevar-adv.txt"
},
{
"name": "18685",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18685"
},
{
"name": "20851",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20851"
},
{
"name": "1171",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1171"
},
{
"name": "20401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20401"
},
{
"name": "quake3-cvar-file-overwrite(27486)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27486"
},
{
"name": "ADV-2006-2569",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2569"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://svn.icculus.org/quake3?rev=804\u0026view=rev",
"refsource": "CONFIRM",
"url": "http://svn.icculus.org/quake3?rev=804\u0026view=rev"
},
{
"name": "20060628 Re: Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438660/100/0/threaded"
},
{
"name": "20060627 Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438515/100/0/threaded"
},
{
"name": "http://aluigi.altervista.org/adv/q3cfilevar-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/q3cfilevar-adv.txt"
},
{
"name": "18685",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18685"
},
{
"name": "20851",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20851"
},
{
"name": "1171",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1171"
},
{
"name": "20401",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20401"
},
{
"name": "quake3-cvar-file-overwrite(27486)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27486"
},
{
"name": "ADV-2006-2569",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2569"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3324",
"datePublished": "2006-06-30T23:00:00.000Z",
"dateReserved": "2006-06-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:23:21.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3325 (GCVE-0-2006-3325)
Vulnerability from nvd – Published: 2006-06-30 23:00 – Updated: 2024-08-07 18:23
VLAI
Summary
client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. NOTE: this can be combined with another vulnerability to overwrite arbitrary files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/438660/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/438515/100… | mailing-listx_refsource_BUGTRAQ |
| http://aluigi.altervista.org/adv/q3cfilevar-adv.txt | x_refsource_MISC |
| http://www.securityfocus.com/bid/18685 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/20851 | third-party-advisoryx_refsource_SECUNIA |
| http://securityreason.com/securityalert/1171 | third-party-advisoryx_refsource_SREASON |
| http://secunia.com/advisories/20401 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2006/2569 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2006-06-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:23:21.197Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060628 Re: Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438660/100/0/threaded"
},
{
"name": "20060627 Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438515/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/q3cfilevar-adv.txt"
},
{
"name": "18685",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18685"
},
{
"name": "20851",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20851"
},
{
"name": "1171",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1171"
},
{
"name": "20401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20401"
},
{
"name": "quake3-cvar-file-overwrite(27486)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27486"
},
{
"name": "ADV-2006-2569",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2569"
},
{
"name": "quake3-clparsedownload-bo(26889)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26889"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. NOTE: this can be combined with another vulnerability to overwrite arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060628 Re: Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438660/100/0/threaded"
},
{
"name": "20060627 Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438515/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/q3cfilevar-adv.txt"
},
{
"name": "18685",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18685"
},
{
"name": "20851",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20851"
},
{
"name": "1171",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1171"
},
{
"name": "20401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20401"
},
{
"name": "quake3-cvar-file-overwrite(27486)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27486"
},
{
"name": "ADV-2006-2569",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2569"
},
{
"name": "quake3-clparsedownload-bo(26889)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26889"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. NOTE: this can be combined with another vulnerability to overwrite arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060628 Re: Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438660/100/0/threaded"
},
{
"name": "20060627 Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438515/100/0/threaded"
},
{
"name": "http://aluigi.altervista.org/adv/q3cfilevar-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/q3cfilevar-adv.txt"
},
{
"name": "18685",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18685"
},
{
"name": "20851",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20851"
},
{
"name": "1171",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1171"
},
{
"name": "20401",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20401"
},
{
"name": "quake3-cvar-file-overwrite(27486)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27486"
},
{
"name": "ADV-2006-2569",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2569"
},
{
"name": "quake3-clparsedownload-bo(26889)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26889"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3325",
"datePublished": "2006-06-30T23:00:00.000Z",
"dateReserved": "2006-06-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:23:21.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2875 (GCVE-0-2006-2875)
Vulnerability from nvd – Published: 2006-06-07 00:00 – Updated: 2024-08-07 18:06
VLAI
Summary
Stack-based buffer overflow in the CL_ParseDownload function of Quake 3 Engine 1.32c and earlier, as used in multiple products, allows remote attackers to execute arbitrary code via a svc_download command with compressed data that triggers the overflow during expansion.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://aluigi.altervista.org/adv/q3cbof-adv.txt | x_refsource_MISC |
| http://www.securityfocus.com/bid/18271 | vdb-entryx_refsource_BID |
| http://securitytracker.com/id?1016219 | vdb-entryx_refsource_SECTRACK |
| http://www.vupen.com/english/advisories/2006/2129 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/20401 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/435963/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2006-06-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:06:27.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/q3cbof-adv.txt"
},
{
"name": "18271",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18271"
},
{
"name": "1016219",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016219"
},
{
"name": "ADV-2006-2129",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2129"
},
{
"name": "20401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20401"
},
{
"name": "20060602 Client buffer-overflow in Quake 3 engine (1.32c / rev 795)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/435963/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the CL_ParseDownload function of Quake 3 Engine 1.32c and earlier, as used in multiple products, allows remote attackers to execute arbitrary code via a svc_download command with compressed data that triggers the overflow during expansion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/q3cbof-adv.txt"
},
{
"name": "18271",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18271"
},
{
"name": "1016219",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016219"
},
{
"name": "ADV-2006-2129",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2129"
},
{
"name": "20401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20401"
},
{
"name": "20060602 Client buffer-overflow in Quake 3 engine (1.32c / rev 795)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/435963/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the CL_ParseDownload function of Quake 3 Engine 1.32c and earlier, as used in multiple products, allows remote attackers to execute arbitrary code via a svc_download command with compressed data that triggers the overflow during expansion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/q3cbof-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/q3cbof-adv.txt"
},
{
"name": "18271",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18271"
},
{
"name": "1016219",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016219"
},
{
"name": "ADV-2006-2129",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2129"
},
{
"name": "20401",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20401"
},
{
"name": "20060602 Client buffer-overflow in Quake 3 engine (1.32c / rev 795)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435963/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2875",
"datePublished": "2006-06-07T00:00:00.000Z",
"dateReserved": "2006-06-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:06:27.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2082 (GCVE-0-2006-2082)
Vulnerability from nvd – Published: 2006-05-10 00:00 – Updated: 2024-08-07 17:35
VLAI
Summary
Directory traversal vulnerability in Quake 3 engine, as used in products including Quake3 Arena, Return to Castle Wolfenstein, Wolfenstein: Enemy Territory, and Star Trek Voyager: Elite Force, when the sv_allowdownload cvar is enabled, allows remote attackers to read arbitrary files from the server via ".." sequences in a .pk3 file request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/433349/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/880 | third-party-advisoryx_refsource_SREASON |
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-listx_refsource_FULLDISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/17924 | vdb-entryx_refsource_BID |
Date Public
2006-05-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:35:31.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060508 Two independent vulnerabilities (client and server side) in Quake3 engine and many derived games",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/433349/100/0/threaded"
},
{
"name": "880",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/880"
},
{
"name": "20060508 Two independent vulnerabilities (client and server side) in Quake3 engine and many derived games",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045906.html"
},
{
"name": "quake3-sv-allowdownload-directory-traversal(26347)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26347"
},
{
"name": "17924",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17924"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Quake 3 engine, as used in products including Quake3 Arena, Return to Castle Wolfenstein, Wolfenstein: Enemy Territory, and Star Trek Voyager: Elite Force, when the sv_allowdownload cvar is enabled, allows remote attackers to read arbitrary files from the server via \"..\" sequences in a .pk3 file request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060508 Two independent vulnerabilities (client and server side) in Quake3 engine and many derived games",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/433349/100/0/threaded"
},
{
"name": "880",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/880"
},
{
"name": "20060508 Two independent vulnerabilities (client and server side) in Quake3 engine and many derived games",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045906.html"
},
{
"name": "quake3-sv-allowdownload-directory-traversal(26347)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26347"
},
{
"name": "17924",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17924"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Quake 3 engine, as used in products including Quake3 Arena, Return to Castle Wolfenstein, Wolfenstein: Enemy Territory, and Star Trek Voyager: Elite Force, when the sv_allowdownload cvar is enabled, allows remote attackers to read arbitrary files from the server via \"..\" sequences in a .pk3 file request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060508 Two independent vulnerabilities (client and server side) in Quake3 engine and many derived games",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/433349/100/0/threaded"
},
{
"name": "880",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/880"
},
{
"name": "20060508 Two independent vulnerabilities (client and server side) in Quake3 engine and many derived games",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045906.html"
},
{
"name": "quake3-sv-allowdownload-directory-traversal(26347)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26347"
},
{
"name": "17924",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17924"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2082",
"datePublished": "2006-05-10T00:00:00.000Z",
"dateReserved": "2006-04-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:35:31.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2236 (GCVE-0-2006-2236)
Vulnerability from nvd – Published: 2006-05-08 23:00 – Updated: 2024-08-07 17:43
VLAI
Summary
Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) Return to Castle Wolfenstein 1.41, and (3) Quake III Arena 1.32b allows remote attackers to execute arbitrary commands via a long remapShader command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/433349/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/19984 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2006/1676 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/17857 | vdb-entryx_refsource_BID |
| http://www.gentoo.org/security/en/glsa/glsa-20060… | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/20065 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://www.exploit-db.com/exploits/1750 | exploitx_refsource_EXPLOIT-DB |
| http://www.osvdb.org/25279 | vdb-entryx_refsource_OSVDB |
Date Public
2006-05-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:43:29.111Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060508 Two independent vulnerabilities (client and server side) in Quake3 engine and many derived games",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/433349/100/0/threaded"
},
{
"name": "19984",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19984"
},
{
"name": "ADV-2006-1676",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1676"
},
{
"name": "17857",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17857"
},
{
"name": "GLSA-200605-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200605-12.xml"
},
{
"name": "20065",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20065"
},
{
"name": "quake3-remapshader-client-bo(26264)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26264"
},
{
"name": "1750",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/1750"
},
{
"name": "25279",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25279"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) Return to Castle Wolfenstein 1.41, and (3) Quake III Arena 1.32b allows remote attackers to execute arbitrary commands via a long remapShader command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060508 Two independent vulnerabilities (client and server side) in Quake3 engine and many derived games",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/433349/100/0/threaded"
},
{
"name": "19984",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19984"
},
{
"name": "ADV-2006-1676",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1676"
},
{
"name": "17857",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17857"
},
{
"name": "GLSA-200605-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200605-12.xml"
},
{
"name": "20065",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20065"
},
{
"name": "quake3-remapshader-client-bo(26264)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26264"
},
{
"name": "1750",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/1750"
},
{
"name": "25279",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25279"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) Return to Castle Wolfenstein 1.41, and (3) Quake III Arena 1.32b allows remote attackers to execute arbitrary commands via a long remapShader command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060508 Two independent vulnerabilities (client and server side) in Quake3 engine and many derived games",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/433349/100/0/threaded"
},
{
"name": "19984",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19984"
},
{
"name": "ADV-2006-1676",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1676"
},
{
"name": "17857",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17857"
},
{
"name": "GLSA-200605-12",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200605-12.xml"
},
{
"name": "20065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20065"
},
{
"name": "quake3-remapshader-client-bo(26264)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26264"
},
{
"name": "1750",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1750"
},
{
"name": "25279",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25279"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2236",
"datePublished": "2006-05-08T23:00:00.000Z",
"dateReserved": "2006-05-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:43:29.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0983 (GCVE-0-2005-0983)
Vulnerability from nvd – Published: 2005-04-05 04:00 – Updated: 2024-08-07 21:35
VLAI
Summary
Quake 3 engine, as used in multiple games, allows remote attackers to cause a denial of service (client disconnect) via a long message, which is not properly truncated and causes the engine to process the remaining data as if it were network data.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/14811 | third-party-advisoryx_refsource_SECUNIA |
| http://aluigi.altervista.org/adv/q3msgboom-adv.txt | x_refsource_MISC |
| http://www.securityfocus.com/bid/12976 | vdb-entryx_refsource_BID |
| http://marc.info/?l=bugtraq&m=111246796918067&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://bani.anime.net/banimod/forums/viewtopic.ph… | x_refsource_MISC |
Date Public
2005-04-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:35:58.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14811",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14811"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/q3msgboom-adv.txt"
},
{
"name": "12976",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12976"
},
{
"name": "20050402 In-game players kicking in the Quake 3 engine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111246796918067\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bani.anime.net/banimod/forums/viewtopic.php?p=27322"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Quake 3 engine, as used in multiple games, allows remote attackers to cause a denial of service (client disconnect) via a long message, which is not properly truncated and causes the engine to process the remaining data as if it were network data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14811",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14811"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/q3msgboom-adv.txt"
},
{
"name": "12976",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12976"
},
{
"name": "20050402 In-game players kicking in the Quake 3 engine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111246796918067\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bani.anime.net/banimod/forums/viewtopic.php?p=27322"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Quake 3 engine, as used in multiple games, allows remote attackers to cause a denial of service (client disconnect) via a long message, which is not properly truncated and causes the engine to process the remaining data as if it were network data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14811",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14811"
},
{
"name": "http://aluigi.altervista.org/adv/q3msgboom-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/q3msgboom-adv.txt"
},
{
"name": "12976",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12976"
},
{
"name": "20050402 In-game players kicking in the Quake 3 engine",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111246796918067\u0026w=2"
},
{
"name": "http://bani.anime.net/banimod/forums/viewtopic.php?p=27322",
"refsource": "MISC",
"url": "http://bani.anime.net/banimod/forums/viewtopic.php?p=27322"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0983",
"datePublished": "2005-04-05T04:00:00.000Z",
"dateReserved": "2005-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:35:58.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0430 (GCVE-0-2005-0430)
Vulnerability from nvd – Published: 2005-02-16 05:00 – Updated: 2024-08-07 21:13
VLAI
Summary
The Quake 3 engine, as used in multiple game packages, allows remote attackers to cause a denial of service (shutdown game server) and possibly crash the server via a long infostring, possibly triggering a buffer overflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/12534 | vdb-entryx_refsource_BID |
| http://marc.info/?l=bugtraq&m=110824822224025&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://aluigi.altervista.org/adv/q3infoboom-adv.txt | x_refsource_MISC |
Date Public
2005-02-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:54.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "12534",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12534"
},
{
"name": "20050212 Infostring crash and shutdown in the Quake 3 engine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110824822224025\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/q3infoboom-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Quake 3 engine, as used in multiple game packages, allows remote attackers to cause a denial of service (shutdown game server) and possibly crash the server via a long infostring, possibly triggering a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "12534",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12534"
},
{
"name": "20050212 Infostring crash and shutdown in the Quake 3 engine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110824822224025\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/q3infoboom-adv.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Quake 3 engine, as used in multiple game packages, allows remote attackers to cause a denial of service (shutdown game server) and possibly crash the server via a long infostring, possibly triggering a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12534",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12534"
},
{
"name": "20050212 Infostring crash and shutdown in the Quake 3 engine",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110824822224025\u0026w=2"
},
{
"name": "http://aluigi.altervista.org/adv/q3infoboom-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/q3infoboom-adv.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0430",
"datePublished": "2005-02-16T05:00:00.000Z",
"dateReserved": "2005-02-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:13:54.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2594 (GCVE-0-2004-2594)
Vulnerability from nvd – Published: 2005-11-29 02:00 – Updated: 2024-08-08 01:29
VLAI
Summary
Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote attackers to read arbitrary files via a "\/" in a pathname argument, as demonstrated by "download \/server.cfg".
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/11183 | vdb-entryx_refsource_OSVDB |
| http://web.archive.org/web/20041130092749/www.r1c… | x_refsource_CONFIRM |
| http://securitytracker.com/id?1011979 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/11551 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/13013 | third-party-advisoryx_refsource_SECUNIA |
| http://secur1ty.net/advisories/001 | x_refsource_MISC |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
Date Public
2004-10-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:14.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11183",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/11183"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/"
},
{
"name": "1011979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011979"
},
{
"name": "11551",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11551"
},
{
"name": "quake-path-information-disclosure(17892)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17892"
},
{
"name": "13013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13013"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secur1ty.net/advisories/001"
},
{
"name": "20041027 Multiple Vulnerabilites in Quake II Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote attackers to read arbitrary files via a \"\\/\" in a pathname argument, as demonstrated by \"download \\/server.cfg\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11183",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/11183"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/"
},
{
"name": "1011979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011979"
},
{
"name": "11551",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11551"
},
{
"name": "quake-path-information-disclosure(17892)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17892"
},
{
"name": "13013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13013"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secur1ty.net/advisories/001"
},
{
"name": "20041027 Multiple Vulnerabilites in Quake II Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote attackers to read arbitrary files via a \"\\/\" in a pathname argument, as demonstrated by \"download \\/server.cfg\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11183",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11183"
},
{
"name": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/",
"refsource": "CONFIRM",
"url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/"
},
{
"name": "1011979",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011979"
},
{
"name": "11551",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11551"
},
{
"name": "quake-path-information-disclosure(17892)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17892"
},
{
"name": "13013",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13013"
},
{
"name": "http://secur1ty.net/advisories/001",
"refsource": "MISC",
"url": "http://secur1ty.net/advisories/001"
},
{
"name": "20041027 Multiple Vulnerabilites in Quake II Server",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2594",
"datePublished": "2005-11-29T02:00:00.000Z",
"dateReserved": "2005-11-29T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:29:14.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2595 (GCVE-0-2004-2595)
Vulnerability from nvd – Published: 2005-11-29 02:00 – Updated: 2024-08-08 01:29
VLAI
Summary
Absolute path traversal vulnerability in Quake II server before R1Q2 on Linux, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a download command with a full pathname for a directory in the argument, which causes the server to crash when it cannot read data.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/11184 | vdb-entryx_refsource_OSVDB |
| http://web.archive.org/web/20041130092749/www.r1c… | x_refsource_CONFIRM |
| http://securitytracker.com/id?1011979 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/11551 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/13013 | third-party-advisoryx_refsource_SECUNIA |
| http://secur1ty.net/advisories/001 | x_refsource_MISC |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
Date Public
2004-10-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:14.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11184",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/11184"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/"
},
{
"name": "1011979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011979"
},
{
"name": "11551",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11551"
},
{
"name": "quake-path-dos(17893)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17893"
},
{
"name": "13013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13013"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secur1ty.net/advisories/001"
},
{
"name": "20041027 Multiple Vulnerabilites in Quake II Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Absolute path traversal vulnerability in Quake II server before R1Q2 on Linux, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a download command with a full pathname for a directory in the argument, which causes the server to crash when it cannot read data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11184",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/11184"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/"
},
{
"name": "1011979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011979"
},
{
"name": "11551",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11551"
},
{
"name": "quake-path-dos(17893)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17893"
},
{
"name": "13013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13013"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secur1ty.net/advisories/001"
},
{
"name": "20041027 Multiple Vulnerabilites in Quake II Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in Quake II server before R1Q2 on Linux, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a download command with a full pathname for a directory in the argument, which causes the server to crash when it cannot read data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11184",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11184"
},
{
"name": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/",
"refsource": "CONFIRM",
"url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/"
},
{
"name": "1011979",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011979"
},
{
"name": "11551",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11551"
},
{
"name": "quake-path-dos(17893)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17893"
},
{
"name": "13013",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13013"
},
{
"name": "http://secur1ty.net/advisories/001",
"refsource": "MISC",
"url": "http://secur1ty.net/advisories/001"
},
{
"name": "20041027 Multiple Vulnerabilites in Quake II Server",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2595",
"datePublished": "2005-11-29T02:00:00.000Z",
"dateReserved": "2005-11-29T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:29:14.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2596 (GCVE-0-2004-2596)
Vulnerability from nvd – Published: 2005-11-29 02:00 – Updated: 2024-08-08 01:29
VLAI
Summary
Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (exhaustion of connection slots) via a large number of connections from the same IP address.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://web.archive.org/web/20041130092749/www.r1c… | x_refsource_CONFIRM |
| http://securitytracker.com/id?1011979 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/11551 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/13013 | third-party-advisoryx_refsource_SECUNIA |
| http://secur1ty.net/advisories/001 | x_refsource_MISC |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
Date Public
2004-10-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:14.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/"
},
{
"name": "1011979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011979"
},
{
"name": "11551",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11551"
},
{
"name": "quake-mult-conn-dos(17894)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17894"
},
{
"name": "13013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13013"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secur1ty.net/advisories/001"
},
{
"name": "20041027 Multiple Vulnerabilites in Quake II Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (exhaustion of connection slots) via a large number of connections from the same IP address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/"
},
{
"name": "1011979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011979"
},
{
"name": "11551",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11551"
},
{
"name": "quake-mult-conn-dos(17894)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17894"
},
{
"name": "13013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13013"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secur1ty.net/advisories/001"
},
{
"name": "20041027 Multiple Vulnerabilites in Quake II Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2596",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (exhaustion of connection slots) via a large number of connections from the same IP address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/",
"refsource": "CONFIRM",
"url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/"
},
{
"name": "1011979",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011979"
},
{
"name": "11551",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11551"
},
{
"name": "quake-mult-conn-dos(17894)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17894"
},
{
"name": "13013",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13013"
},
{
"name": "http://secur1ty.net/advisories/001",
"refsource": "MISC",
"url": "http://secur1ty.net/advisories/001"
},
{
"name": "20041027 Multiple Vulnerabilites in Quake II Server",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2596",
"datePublished": "2005-11-29T02:00:00.000Z",
"dateReserved": "2005-11-29T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:29:14.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2593 (GCVE-0-2004-2593)
Vulnerability from nvd – Published: 2005-11-29 02:00 – Updated: 2024-08-08 01:29
VLAI
Summary
Buffer overflow in command-packet processing of Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a packet with a long cmd_args buffer.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://web.archive.org/web/20041130092749/www.r1c… | x_refsource_CONFIRM |
| http://securitytracker.com/id?1011979 | vdb-entryx_refsource_SECTRACK |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/11551 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/11182 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/13013 | third-party-advisoryx_refsource_SECUNIA |
| http://secur1ty.net/advisories/001 | x_refsource_MISC |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
Date Public
2004-10-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:14.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/"
},
{
"name": "1011979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011979"
},
{
"name": "quake-cmdargs-bo(17891)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17891"
},
{
"name": "11551",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11551"
},
{
"name": "11182",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/11182"
},
{
"name": "13013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13013"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secur1ty.net/advisories/001"
},
{
"name": "20041027 Multiple Vulnerabilites in Quake II Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in command-packet processing of Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a packet with a long cmd_args buffer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/"
},
{
"name": "1011979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011979"
},
{
"name": "quake-cmdargs-bo(17891)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17891"
},
{
"name": "11551",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11551"
},
{
"name": "11182",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/11182"
},
{
"name": "13013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13013"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secur1ty.net/advisories/001"
},
{
"name": "20041027 Multiple Vulnerabilites in Quake II Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in command-packet processing of Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a packet with a long cmd_args buffer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/",
"refsource": "CONFIRM",
"url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/"
},
{
"name": "1011979",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011979"
},
{
"name": "quake-cmdargs-bo(17891)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17891"
},
{
"name": "11551",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11551"
},
{
"name": "11182",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11182"
},
{
"name": "13013",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13013"
},
{
"name": "http://secur1ty.net/advisories/001",
"refsource": "MISC",
"url": "http://secur1ty.net/advisories/001"
},
{
"name": "20041027 Multiple Vulnerabilites in Quake II Server",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2593",
"datePublished": "2005-11-29T02:00:00.000Z",
"dateReserved": "2005-11-29T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:29:14.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5248 (GCVE-0-2007-5248)
Vulnerability from cvelistv5 – Published: 2007-10-06 17:00 – Updated: 2024-08-07 15:24
VLAI
Summary
Multiple format string vulnerabilities in the ID Software Doom 3 engine, as used by Doom 3 1.3.1 and earlier, Quake 4 1.4.2 and earlier, and Prey 1.3 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a PB_Y packet to the YPG server or (2) a PB_U packet to UCON. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/27023 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/27002 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2007/3333 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/27036 | third-party-advisoryx_refsource_SECUNIA |
| http://aluigi.altervista.org/adv/d3engfspb-adv.txt | x_refsource_MISC |
| http://www.securityfocus.com/bid/25893 | vdb-entryx_refsource_BID |
| http://aluigi.org/poc/d3engfspb.zip | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/481229/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/3196 | third-party-advisoryx_refsource_SREASON |
Date Public
2007-10-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:24:42.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27023",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27023"
},
{
"name": "27002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27002"
},
{
"name": "doom3engine-punkbuster-format-string(36899)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36899"
},
{
"name": "ADV-2007-3333",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3333"
},
{
"name": "27036",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27036"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/d3engfspb-adv.txt"
},
{
"name": "25893",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25893"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.org/poc/d3engfspb.zip"
},
{
"name": "20071001 Format string in the Doom 3 engine through PB",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/481229/100/0/threaded"
},
{
"name": "3196",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3196"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple format string vulnerabilities in the ID Software Doom 3 engine, as used by Doom 3 1.3.1 and earlier, Quake 4 1.4.2 and earlier, and Prey 1.3 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a PB_Y packet to the YPG server or (2) a PB_U packet to UCON. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27023",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27023"
},
{
"name": "27002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27002"
},
{
"name": "doom3engine-punkbuster-format-string(36899)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36899"
},
{
"name": "ADV-2007-3333",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3333"
},
{
"name": "27036",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27036"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/d3engfspb-adv.txt"
},
{
"name": "25893",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25893"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.org/poc/d3engfspb.zip"
},
{
"name": "20071001 Format string in the Doom 3 engine through PB",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/481229/100/0/threaded"
},
{
"name": "3196",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3196"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple format string vulnerabilities in the ID Software Doom 3 engine, as used by Doom 3 1.3.1 and earlier, Quake 4 1.4.2 and earlier, and Prey 1.3 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a PB_Y packet to the YPG server or (2) a PB_U packet to UCON. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27023",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27023"
},
{
"name": "27002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27002"
},
{
"name": "doom3engine-punkbuster-format-string(36899)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36899"
},
{
"name": "ADV-2007-3333",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3333"
},
{
"name": "27036",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27036"
},
{
"name": "http://aluigi.altervista.org/adv/d3engfspb-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/d3engfspb-adv.txt"
},
{
"name": "25893",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25893"
},
{
"name": "http://aluigi.org/poc/d3engfspb.zip",
"refsource": "MISC",
"url": "http://aluigi.org/poc/d3engfspb.zip"
},
{
"name": "20071001 Format string in the Doom 3 engine through PB",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/481229/100/0/threaded"
},
{
"name": "3196",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3196"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5248",
"datePublished": "2007-10-06T17:00:00.000Z",
"dateReserved": "2007-10-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:24:42.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3400 (GCVE-0-2006-3400)
Vulnerability from cvelistv5 – Published: 2006-07-06 20:00 – Updated: 2024-08-07 18:30
VLAI
Summary
Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 allows remote attackers to cause a denial of service and possibly execute code by sending a long command from the server.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://www.exploit-db.com/exploits/1976 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/20946 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/18777 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2006/2657 | vdb-entryx_refsource_VUPEN |
Date Public
2006-07-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:32.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "quake3-cgservercommand-bo(27614)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27614"
},
{
"name": "1976",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/1976"
},
{
"name": "20946",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20946"
},
{
"name": "18777",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18777"
},
{
"name": "ADV-2006-2657",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2657"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 allows remote attackers to cause a denial of service and possibly execute code by sending a long command from the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "quake3-cgservercommand-bo(27614)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27614"
},
{
"name": "1976",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/1976"
},
{
"name": "20946",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20946"
},
{
"name": "18777",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18777"
},
{
"name": "ADV-2006-2657",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2657"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 allows remote attackers to cause a denial of service and possibly execute code by sending a long command from the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "quake3-cgservercommand-bo(27614)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27614"
},
{
"name": "1976",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1976"
},
{
"name": "20946",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20946"
},
{
"name": "18777",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18777"
},
{
"name": "ADV-2006-2657",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2657"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3400",
"datePublished": "2006-07-06T20:00:00.000Z",
"dateReserved": "2006-07-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:30:32.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3401 (GCVE-0-2006-3401)
Vulnerability from cvelistv5 – Published: 2006-07-06 20:00 – Updated: 2024-08-07 18:30
VLAI
Summary
Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: Arena 1.32b and 1.32c allows remote attackers to cause a denial of service and possibly execute code via long CS_ITEMS values.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/20946 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/20961 | third-party-advisoryx_refsource_SECUNIA |
| https://www.exploit-db.com/exploits/1977 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/18777 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2006/2657 | vdb-entryx_refsource_VUPEN |
| http://www.vupen.com/english/advisories/2006/2684 | vdb-entryx_refsource_VUPEN |
Date Public
2006-07-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:32.870Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20946",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20946"
},
{
"name": "20961",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20961"
},
{
"name": "1977",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/1977"
},
{
"name": "18777",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18777"
},
{
"name": "quake3-csitem-bo(27616)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27616"
},
{
"name": "ADV-2006-2657",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2657"
},
{
"name": "ADV-2006-2684",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2684"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: Arena 1.32b and 1.32c allows remote attackers to cause a denial of service and possibly execute code via long CS_ITEMS values."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20946",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20946"
},
{
"name": "20961",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20961"
},
{
"name": "1977",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/1977"
},
{
"name": "18777",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18777"
},
{
"name": "quake3-csitem-bo(27616)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27616"
},
{
"name": "ADV-2006-2657",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2657"
},
{
"name": "ADV-2006-2684",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2684"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: Arena 1.32b and 1.32c allows remote attackers to cause a denial of service and possibly execute code via long CS_ITEMS values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20946",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20946"
},
{
"name": "20961",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20961"
},
{
"name": "1977",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1977"
},
{
"name": "18777",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18777"
},
{
"name": "quake3-csitem-bo(27616)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27616"
},
{
"name": "ADV-2006-2657",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2657"
},
{
"name": "ADV-2006-2684",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2684"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3401",
"datePublished": "2006-07-06T20:00:00.000Z",
"dateReserved": "2006-07-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:30:32.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3324 (GCVE-0-2006-3324)
Vulnerability from cvelistv5 – Published: 2006-06-30 23:00 – Updated: 2024-08-07 18:23
VLAI
Summary
The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://svn.icculus.org/quake3?rev=804&view=rev | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/438660/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/438515/100… | mailing-listx_refsource_BUGTRAQ |
| http://aluigi.altervista.org/adv/q3cfilevar-adv.txt | x_refsource_MISC |
| http://www.securityfocus.com/bid/18685 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/20851 | third-party-advisoryx_refsource_SECUNIA |
| http://securityreason.com/securityalert/1171 | third-party-advisoryx_refsource_SREASON |
| http://secunia.com/advisories/20401 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2006/2569 | vdb-entryx_refsource_VUPEN |
Date Public
2006-06-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:23:21.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.icculus.org/quake3?rev=804\u0026view=rev"
},
{
"name": "20060628 Re: Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438660/100/0/threaded"
},
{
"name": "20060627 Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438515/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/q3cfilevar-adv.txt"
},
{
"name": "18685",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18685"
},
{
"name": "20851",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20851"
},
{
"name": "1171",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1171"
},
{
"name": "20401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20401"
},
{
"name": "quake3-cvar-file-overwrite(27486)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27486"
},
{
"name": "ADV-2006-2569",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2569"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.icculus.org/quake3?rev=804\u0026view=rev"
},
{
"name": "20060628 Re: Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438660/100/0/threaded"
},
{
"name": "20060627 Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438515/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/q3cfilevar-adv.txt"
},
{
"name": "18685",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18685"
},
{
"name": "20851",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20851"
},
{
"name": "1171",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1171"
},
{
"name": "20401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20401"
},
{
"name": "quake3-cvar-file-overwrite(27486)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27486"
},
{
"name": "ADV-2006-2569",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2569"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://svn.icculus.org/quake3?rev=804\u0026view=rev",
"refsource": "CONFIRM",
"url": "http://svn.icculus.org/quake3?rev=804\u0026view=rev"
},
{
"name": "20060628 Re: Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438660/100/0/threaded"
},
{
"name": "20060627 Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438515/100/0/threaded"
},
{
"name": "http://aluigi.altervista.org/adv/q3cfilevar-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/q3cfilevar-adv.txt"
},
{
"name": "18685",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18685"
},
{
"name": "20851",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20851"
},
{
"name": "1171",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1171"
},
{
"name": "20401",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20401"
},
{
"name": "quake3-cvar-file-overwrite(27486)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27486"
},
{
"name": "ADV-2006-2569",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2569"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3324",
"datePublished": "2006-06-30T23:00:00.000Z",
"dateReserved": "2006-06-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:23:21.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3325 (GCVE-0-2006-3325)
Vulnerability from cvelistv5 – Published: 2006-06-30 23:00 – Updated: 2024-08-07 18:23
VLAI
Summary
client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. NOTE: this can be combined with another vulnerability to overwrite arbitrary files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/438660/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/438515/100… | mailing-listx_refsource_BUGTRAQ |
| http://aluigi.altervista.org/adv/q3cfilevar-adv.txt | x_refsource_MISC |
| http://www.securityfocus.com/bid/18685 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/20851 | third-party-advisoryx_refsource_SECUNIA |
| http://securityreason.com/securityalert/1171 | third-party-advisoryx_refsource_SREASON |
| http://secunia.com/advisories/20401 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2006/2569 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2006-06-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:23:21.197Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060628 Re: Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438660/100/0/threaded"
},
{
"name": "20060627 Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438515/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/q3cfilevar-adv.txt"
},
{
"name": "18685",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18685"
},
{
"name": "20851",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20851"
},
{
"name": "1171",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1171"
},
{
"name": "20401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20401"
},
{
"name": "quake3-cvar-file-overwrite(27486)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27486"
},
{
"name": "ADV-2006-2569",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2569"
},
{
"name": "quake3-clparsedownload-bo(26889)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26889"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. NOTE: this can be combined with another vulnerability to overwrite arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060628 Re: Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438660/100/0/threaded"
},
{
"name": "20060627 Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438515/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/q3cfilevar-adv.txt"
},
{
"name": "18685",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18685"
},
{
"name": "20851",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20851"
},
{
"name": "1171",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1171"
},
{
"name": "20401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20401"
},
{
"name": "quake3-cvar-file-overwrite(27486)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27486"
},
{
"name": "ADV-2006-2569",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2569"
},
{
"name": "quake3-clparsedownload-bo(26889)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26889"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. NOTE: this can be combined with another vulnerability to overwrite arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060628 Re: Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438660/100/0/threaded"
},
{
"name": "20060627 Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438515/100/0/threaded"
},
{
"name": "http://aluigi.altervista.org/adv/q3cfilevar-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/q3cfilevar-adv.txt"
},
{
"name": "18685",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18685"
},
{
"name": "20851",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20851"
},
{
"name": "1171",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1171"
},
{
"name": "20401",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20401"
},
{
"name": "quake3-cvar-file-overwrite(27486)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27486"
},
{
"name": "ADV-2006-2569",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2569"
},
{
"name": "quake3-clparsedownload-bo(26889)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26889"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3325",
"datePublished": "2006-06-30T23:00:00.000Z",
"dateReserved": "2006-06-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:23:21.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2875 (GCVE-0-2006-2875)
Vulnerability from cvelistv5 – Published: 2006-06-07 00:00 – Updated: 2024-08-07 18:06
VLAI
Summary
Stack-based buffer overflow in the CL_ParseDownload function of Quake 3 Engine 1.32c and earlier, as used in multiple products, allows remote attackers to execute arbitrary code via a svc_download command with compressed data that triggers the overflow during expansion.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://aluigi.altervista.org/adv/q3cbof-adv.txt | x_refsource_MISC |
| http://www.securityfocus.com/bid/18271 | vdb-entryx_refsource_BID |
| http://securitytracker.com/id?1016219 | vdb-entryx_refsource_SECTRACK |
| http://www.vupen.com/english/advisories/2006/2129 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/20401 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/435963/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2006-06-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:06:27.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/q3cbof-adv.txt"
},
{
"name": "18271",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18271"
},
{
"name": "1016219",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016219"
},
{
"name": "ADV-2006-2129",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2129"
},
{
"name": "20401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20401"
},
{
"name": "20060602 Client buffer-overflow in Quake 3 engine (1.32c / rev 795)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/435963/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the CL_ParseDownload function of Quake 3 Engine 1.32c and earlier, as used in multiple products, allows remote attackers to execute arbitrary code via a svc_download command with compressed data that triggers the overflow during expansion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/q3cbof-adv.txt"
},
{
"name": "18271",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18271"
},
{
"name": "1016219",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016219"
},
{
"name": "ADV-2006-2129",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2129"
},
{
"name": "20401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20401"
},
{
"name": "20060602 Client buffer-overflow in Quake 3 engine (1.32c / rev 795)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/435963/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the CL_ParseDownload function of Quake 3 Engine 1.32c and earlier, as used in multiple products, allows remote attackers to execute arbitrary code via a svc_download command with compressed data that triggers the overflow during expansion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/q3cbof-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/q3cbof-adv.txt"
},
{
"name": "18271",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18271"
},
{
"name": "1016219",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016219"
},
{
"name": "ADV-2006-2129",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2129"
},
{
"name": "20401",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20401"
},
{
"name": "20060602 Client buffer-overflow in Quake 3 engine (1.32c / rev 795)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435963/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2875",
"datePublished": "2006-06-07T00:00:00.000Z",
"dateReserved": "2006-06-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:06:27.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2082 (GCVE-0-2006-2082)
Vulnerability from cvelistv5 – Published: 2006-05-10 00:00 – Updated: 2024-08-07 17:35
VLAI
Summary
Directory traversal vulnerability in Quake 3 engine, as used in products including Quake3 Arena, Return to Castle Wolfenstein, Wolfenstein: Enemy Territory, and Star Trek Voyager: Elite Force, when the sv_allowdownload cvar is enabled, allows remote attackers to read arbitrary files from the server via ".." sequences in a .pk3 file request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/433349/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/880 | third-party-advisoryx_refsource_SREASON |
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-listx_refsource_FULLDISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/17924 | vdb-entryx_refsource_BID |
Date Public
2006-05-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:35:31.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060508 Two independent vulnerabilities (client and server side) in Quake3 engine and many derived games",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/433349/100/0/threaded"
},
{
"name": "880",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/880"
},
{
"name": "20060508 Two independent vulnerabilities (client and server side) in Quake3 engine and many derived games",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045906.html"
},
{
"name": "quake3-sv-allowdownload-directory-traversal(26347)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26347"
},
{
"name": "17924",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17924"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Quake 3 engine, as used in products including Quake3 Arena, Return to Castle Wolfenstein, Wolfenstein: Enemy Territory, and Star Trek Voyager: Elite Force, when the sv_allowdownload cvar is enabled, allows remote attackers to read arbitrary files from the server via \"..\" sequences in a .pk3 file request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060508 Two independent vulnerabilities (client and server side) in Quake3 engine and many derived games",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/433349/100/0/threaded"
},
{
"name": "880",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/880"
},
{
"name": "20060508 Two independent vulnerabilities (client and server side) in Quake3 engine and many derived games",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045906.html"
},
{
"name": "quake3-sv-allowdownload-directory-traversal(26347)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26347"
},
{
"name": "17924",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17924"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Quake 3 engine, as used in products including Quake3 Arena, Return to Castle Wolfenstein, Wolfenstein: Enemy Territory, and Star Trek Voyager: Elite Force, when the sv_allowdownload cvar is enabled, allows remote attackers to read arbitrary files from the server via \"..\" sequences in a .pk3 file request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060508 Two independent vulnerabilities (client and server side) in Quake3 engine and many derived games",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/433349/100/0/threaded"
},
{
"name": "880",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/880"
},
{
"name": "20060508 Two independent vulnerabilities (client and server side) in Quake3 engine and many derived games",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045906.html"
},
{
"name": "quake3-sv-allowdownload-directory-traversal(26347)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26347"
},
{
"name": "17924",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17924"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2082",
"datePublished": "2006-05-10T00:00:00.000Z",
"dateReserved": "2006-04-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:35:31.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2236 (GCVE-0-2006-2236)
Vulnerability from cvelistv5 – Published: 2006-05-08 23:00 – Updated: 2024-08-07 17:43
VLAI
Summary
Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) Return to Castle Wolfenstein 1.41, and (3) Quake III Arena 1.32b allows remote attackers to execute arbitrary commands via a long remapShader command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/433349/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/19984 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2006/1676 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/17857 | vdb-entryx_refsource_BID |
| http://www.gentoo.org/security/en/glsa/glsa-20060… | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/20065 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://www.exploit-db.com/exploits/1750 | exploitx_refsource_EXPLOIT-DB |
| http://www.osvdb.org/25279 | vdb-entryx_refsource_OSVDB |
Date Public
2006-05-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:43:29.111Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060508 Two independent vulnerabilities (client and server side) in Quake3 engine and many derived games",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/433349/100/0/threaded"
},
{
"name": "19984",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19984"
},
{
"name": "ADV-2006-1676",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1676"
},
{
"name": "17857",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17857"
},
{
"name": "GLSA-200605-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200605-12.xml"
},
{
"name": "20065",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20065"
},
{
"name": "quake3-remapshader-client-bo(26264)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26264"
},
{
"name": "1750",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/1750"
},
{
"name": "25279",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25279"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) Return to Castle Wolfenstein 1.41, and (3) Quake III Arena 1.32b allows remote attackers to execute arbitrary commands via a long remapShader command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060508 Two independent vulnerabilities (client and server side) in Quake3 engine and many derived games",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/433349/100/0/threaded"
},
{
"name": "19984",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19984"
},
{
"name": "ADV-2006-1676",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1676"
},
{
"name": "17857",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17857"
},
{
"name": "GLSA-200605-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200605-12.xml"
},
{
"name": "20065",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20065"
},
{
"name": "quake3-remapshader-client-bo(26264)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26264"
},
{
"name": "1750",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/1750"
},
{
"name": "25279",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25279"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) Return to Castle Wolfenstein 1.41, and (3) Quake III Arena 1.32b allows remote attackers to execute arbitrary commands via a long remapShader command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060508 Two independent vulnerabilities (client and server side) in Quake3 engine and many derived games",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/433349/100/0/threaded"
},
{
"name": "19984",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19984"
},
{
"name": "ADV-2006-1676",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1676"
},
{
"name": "17857",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17857"
},
{
"name": "GLSA-200605-12",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200605-12.xml"
},
{
"name": "20065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20065"
},
{
"name": "quake3-remapshader-client-bo(26264)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26264"
},
{
"name": "1750",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1750"
},
{
"name": "25279",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25279"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2236",
"datePublished": "2006-05-08T23:00:00.000Z",
"dateReserved": "2006-05-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:43:29.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2594 (GCVE-0-2004-2594)
Vulnerability from cvelistv5 – Published: 2005-11-29 02:00 – Updated: 2024-08-08 01:29
VLAI
Summary
Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote attackers to read arbitrary files via a "\/" in a pathname argument, as demonstrated by "download \/server.cfg".
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/11183 | vdb-entryx_refsource_OSVDB |
| http://web.archive.org/web/20041130092749/www.r1c… | x_refsource_CONFIRM |
| http://securitytracker.com/id?1011979 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/11551 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/13013 | third-party-advisoryx_refsource_SECUNIA |
| http://secur1ty.net/advisories/001 | x_refsource_MISC |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
Date Public
2004-10-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:14.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11183",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/11183"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/"
},
{
"name": "1011979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011979"
},
{
"name": "11551",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11551"
},
{
"name": "quake-path-information-disclosure(17892)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17892"
},
{
"name": "13013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13013"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secur1ty.net/advisories/001"
},
{
"name": "20041027 Multiple Vulnerabilites in Quake II Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote attackers to read arbitrary files via a \"\\/\" in a pathname argument, as demonstrated by \"download \\/server.cfg\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11183",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/11183"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/"
},
{
"name": "1011979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011979"
},
{
"name": "11551",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11551"
},
{
"name": "quake-path-information-disclosure(17892)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17892"
},
{
"name": "13013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13013"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secur1ty.net/advisories/001"
},
{
"name": "20041027 Multiple Vulnerabilites in Quake II Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote attackers to read arbitrary files via a \"\\/\" in a pathname argument, as demonstrated by \"download \\/server.cfg\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11183",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11183"
},
{
"name": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/",
"refsource": "CONFIRM",
"url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/"
},
{
"name": "1011979",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011979"
},
{
"name": "11551",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11551"
},
{
"name": "quake-path-information-disclosure(17892)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17892"
},
{
"name": "13013",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13013"
},
{
"name": "http://secur1ty.net/advisories/001",
"refsource": "MISC",
"url": "http://secur1ty.net/advisories/001"
},
{
"name": "20041027 Multiple Vulnerabilites in Quake II Server",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2594",
"datePublished": "2005-11-29T02:00:00.000Z",
"dateReserved": "2005-11-29T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:29:14.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2595 (GCVE-0-2004-2595)
Vulnerability from cvelistv5 – Published: 2005-11-29 02:00 – Updated: 2024-08-08 01:29
VLAI
Summary
Absolute path traversal vulnerability in Quake II server before R1Q2 on Linux, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a download command with a full pathname for a directory in the argument, which causes the server to crash when it cannot read data.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/11184 | vdb-entryx_refsource_OSVDB |
| http://web.archive.org/web/20041130092749/www.r1c… | x_refsource_CONFIRM |
| http://securitytracker.com/id?1011979 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/11551 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/13013 | third-party-advisoryx_refsource_SECUNIA |
| http://secur1ty.net/advisories/001 | x_refsource_MISC |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
Date Public
2004-10-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:14.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11184",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/11184"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/"
},
{
"name": "1011979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011979"
},
{
"name": "11551",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11551"
},
{
"name": "quake-path-dos(17893)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17893"
},
{
"name": "13013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13013"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secur1ty.net/advisories/001"
},
{
"name": "20041027 Multiple Vulnerabilites in Quake II Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Absolute path traversal vulnerability in Quake II server before R1Q2 on Linux, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a download command with a full pathname for a directory in the argument, which causes the server to crash when it cannot read data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11184",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/11184"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/"
},
{
"name": "1011979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011979"
},
{
"name": "11551",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11551"
},
{
"name": "quake-path-dos(17893)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17893"
},
{
"name": "13013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13013"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secur1ty.net/advisories/001"
},
{
"name": "20041027 Multiple Vulnerabilites in Quake II Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in Quake II server before R1Q2 on Linux, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a download command with a full pathname for a directory in the argument, which causes the server to crash when it cannot read data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11184",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11184"
},
{
"name": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/",
"refsource": "CONFIRM",
"url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/"
},
{
"name": "1011979",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011979"
},
{
"name": "11551",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11551"
},
{
"name": "quake-path-dos(17893)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17893"
},
{
"name": "13013",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13013"
},
{
"name": "http://secur1ty.net/advisories/001",
"refsource": "MISC",
"url": "http://secur1ty.net/advisories/001"
},
{
"name": "20041027 Multiple Vulnerabilites in Quake II Server",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2595",
"datePublished": "2005-11-29T02:00:00.000Z",
"dateReserved": "2005-11-29T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:29:14.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2596 (GCVE-0-2004-2596)
Vulnerability from cvelistv5 – Published: 2005-11-29 02:00 – Updated: 2024-08-08 01:29
VLAI
Summary
Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (exhaustion of connection slots) via a large number of connections from the same IP address.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://web.archive.org/web/20041130092749/www.r1c… | x_refsource_CONFIRM |
| http://securitytracker.com/id?1011979 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/11551 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/13013 | third-party-advisoryx_refsource_SECUNIA |
| http://secur1ty.net/advisories/001 | x_refsource_MISC |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
Date Public
2004-10-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:14.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/"
},
{
"name": "1011979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011979"
},
{
"name": "11551",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11551"
},
{
"name": "quake-mult-conn-dos(17894)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17894"
},
{
"name": "13013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13013"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secur1ty.net/advisories/001"
},
{
"name": "20041027 Multiple Vulnerabilites in Quake II Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (exhaustion of connection slots) via a large number of connections from the same IP address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/"
},
{
"name": "1011979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011979"
},
{
"name": "11551",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11551"
},
{
"name": "quake-mult-conn-dos(17894)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17894"
},
{
"name": "13013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13013"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secur1ty.net/advisories/001"
},
{
"name": "20041027 Multiple Vulnerabilites in Quake II Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2596",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (exhaustion of connection slots) via a large number of connections from the same IP address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/",
"refsource": "CONFIRM",
"url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/"
},
{
"name": "1011979",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011979"
},
{
"name": "11551",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11551"
},
{
"name": "quake-mult-conn-dos(17894)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17894"
},
{
"name": "13013",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13013"
},
{
"name": "http://secur1ty.net/advisories/001",
"refsource": "MISC",
"url": "http://secur1ty.net/advisories/001"
},
{
"name": "20041027 Multiple Vulnerabilites in Quake II Server",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2596",
"datePublished": "2005-11-29T02:00:00.000Z",
"dateReserved": "2005-11-29T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:29:14.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2593 (GCVE-0-2004-2593)
Vulnerability from cvelistv5 – Published: 2005-11-29 02:00 – Updated: 2024-08-08 01:29
VLAI
Summary
Buffer overflow in command-packet processing of Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a packet with a long cmd_args buffer.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://web.archive.org/web/20041130092749/www.r1c… | x_refsource_CONFIRM |
| http://securitytracker.com/id?1011979 | vdb-entryx_refsource_SECTRACK |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/11551 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/11182 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/13013 | third-party-advisoryx_refsource_SECUNIA |
| http://secur1ty.net/advisories/001 | x_refsource_MISC |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
Date Public
2004-10-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:14.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/"
},
{
"name": "1011979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011979"
},
{
"name": "quake-cmdargs-bo(17891)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17891"
},
{
"name": "11551",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11551"
},
{
"name": "11182",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/11182"
},
{
"name": "13013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13013"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secur1ty.net/advisories/001"
},
{
"name": "20041027 Multiple Vulnerabilites in Quake II Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in command-packet processing of Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a packet with a long cmd_args buffer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/"
},
{
"name": "1011979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011979"
},
{
"name": "quake-cmdargs-bo(17891)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17891"
},
{
"name": "11551",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11551"
},
{
"name": "11182",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/11182"
},
{
"name": "13013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13013"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secur1ty.net/advisories/001"
},
{
"name": "20041027 Multiple Vulnerabilites in Quake II Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in command-packet processing of Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a packet with a long cmd_args buffer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/",
"refsource": "CONFIRM",
"url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/"
},
{
"name": "1011979",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011979"
},
{
"name": "quake-cmdargs-bo(17891)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17891"
},
{
"name": "11551",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11551"
},
{
"name": "11182",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11182"
},
{
"name": "13013",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13013"
},
{
"name": "http://secur1ty.net/advisories/001",
"refsource": "MISC",
"url": "http://secur1ty.net/advisories/001"
},
{
"name": "20041027 Multiple Vulnerabilites in Quake II Server",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2593",
"datePublished": "2005-11-29T02:00:00.000Z",
"dateReserved": "2005-11-29T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:29:14.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2592 (GCVE-0-2004-2592)
Vulnerability from cvelistv5 – Published: 2005-11-29 02:00 – Updated: 2024-08-08 01:29
VLAI
Summary
Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a modified client that asks the server to send data stored at a negative array offset, which is not handled when processing Configstrings and Baselines.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://web.archive.org/web/20041130092749/www.r1c… | x_refsource_CONFIRM |
| http://securitytracker.com/id?1011979 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/11551 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/11181 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/13013 | third-party-advisoryx_refsource_SECUNIA |
| http://secur1ty.net/advisories/001 | x_refsource_MISC |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
Date Public
2004-10-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:14.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/"
},
{
"name": "1011979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011979"
},
{
"name": "11551",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11551"
},
{
"name": "11181",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/11181"
},
{
"name": "quake-configstrings-baselines-dos(17890)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17890"
},
{
"name": "13013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13013"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secur1ty.net/advisories/001"
},
{
"name": "20041027 Multiple Vulnerabilites in Quake II Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a modified client that asks the server to send data stored at a negative array offset, which is not handled when processing Configstrings and Baselines."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/"
},
{
"name": "1011979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011979"
},
{
"name": "11551",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11551"
},
{
"name": "11181",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/11181"
},
{
"name": "quake-configstrings-baselines-dos(17890)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17890"
},
{
"name": "13013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13013"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secur1ty.net/advisories/001"
},
{
"name": "20041027 Multiple Vulnerabilites in Quake II Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a modified client that asks the server to send data stored at a negative array offset, which is not handled when processing Configstrings and Baselines."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/",
"refsource": "CONFIRM",
"url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/"
},
{
"name": "1011979",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011979"
},
{
"name": "11551",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11551"
},
{
"name": "11181",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11181"
},
{
"name": "quake-configstrings-baselines-dos(17890)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17890"
},
{
"name": "13013",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13013"
},
{
"name": "http://secur1ty.net/advisories/001",
"refsource": "MISC",
"url": "http://secur1ty.net/advisories/001"
},
{
"name": "20041027 Multiple Vulnerabilites in Quake II Server",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2592",
"datePublished": "2005-11-29T02:00:00.000Z",
"dateReserved": "2005-11-29T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:29:14.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2597 (GCVE-0-2004-2597)
Vulnerability from cvelistv5 – Published: 2005-11-29 02:00 – Updated: 2024-08-08 01:29
VLAI
Summary
Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an "ip" key/value pair but is also long enough to cause a new key/value pair to be truncated, which interferes with the server's ability to find the client's IP address.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://web.archive.org/web/20041130092749/www.r1c… | x_refsource_CONFIRM |
| http://securitytracker.com/id?1011979 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/11551 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/11186 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/13013 | third-party-advisoryx_refsource_SECUNIA |
| http://secur1ty.net/advisories/001 | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
Date Public
2004-10-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:14.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/"
},
{
"name": "1011979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011979"
},
{
"name": "11551",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11551"
},
{
"name": "11186",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/11186"
},
{
"name": "13013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13013"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secur1ty.net/advisories/001"
},
{
"name": "quake-ip-spoofing(17895)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17895"
},
{
"name": "20041027 Multiple Vulnerabilites in Quake II Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an \"ip\" key/value pair but is also long enough to cause a new key/value pair to be truncated, which interferes with the server\u0027s ability to find the client\u0027s IP address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/"
},
{
"name": "1011979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011979"
},
{
"name": "11551",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11551"
},
{
"name": "11186",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/11186"
},
{
"name": "13013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13013"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secur1ty.net/advisories/001"
},
{
"name": "quake-ip-spoofing(17895)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17895"
},
{
"name": "20041027 Multiple Vulnerabilites in Quake II Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an \"ip\" key/value pair but is also long enough to cause a new key/value pair to be truncated, which interferes with the server\u0027s ability to find the client\u0027s IP address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/",
"refsource": "CONFIRM",
"url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/"
},
{
"name": "1011979",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011979"
},
{
"name": "11551",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11551"
},
{
"name": "11186",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11186"
},
{
"name": "13013",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13013"
},
{
"name": "http://secur1ty.net/advisories/001",
"refsource": "MISC",
"url": "http://secur1ty.net/advisories/001"
},
{
"name": "quake-ip-spoofing(17895)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17895"
},
{
"name": "20041027 Multiple Vulnerabilites in Quake II Server",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2597",
"datePublished": "2005-11-29T02:00:00.000Z",
"dateReserved": "2005-11-29T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:29:14.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0983 (GCVE-0-2005-0983)
Vulnerability from cvelistv5 – Published: 2005-04-05 04:00 – Updated: 2024-08-07 21:35
VLAI
Summary
Quake 3 engine, as used in multiple games, allows remote attackers to cause a denial of service (client disconnect) via a long message, which is not properly truncated and causes the engine to process the remaining data as if it were network data.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/14811 | third-party-advisoryx_refsource_SECUNIA |
| http://aluigi.altervista.org/adv/q3msgboom-adv.txt | x_refsource_MISC |
| http://www.securityfocus.com/bid/12976 | vdb-entryx_refsource_BID |
| http://marc.info/?l=bugtraq&m=111246796918067&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://bani.anime.net/banimod/forums/viewtopic.ph… | x_refsource_MISC |
Date Public
2005-04-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:35:58.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14811",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14811"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/q3msgboom-adv.txt"
},
{
"name": "12976",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12976"
},
{
"name": "20050402 In-game players kicking in the Quake 3 engine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111246796918067\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bani.anime.net/banimod/forums/viewtopic.php?p=27322"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Quake 3 engine, as used in multiple games, allows remote attackers to cause a denial of service (client disconnect) via a long message, which is not properly truncated and causes the engine to process the remaining data as if it were network data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14811",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14811"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/q3msgboom-adv.txt"
},
{
"name": "12976",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12976"
},
{
"name": "20050402 In-game players kicking in the Quake 3 engine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111246796918067\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bani.anime.net/banimod/forums/viewtopic.php?p=27322"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Quake 3 engine, as used in multiple games, allows remote attackers to cause a denial of service (client disconnect) via a long message, which is not properly truncated and causes the engine to process the remaining data as if it were network data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14811",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14811"
},
{
"name": "http://aluigi.altervista.org/adv/q3msgboom-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/q3msgboom-adv.txt"
},
{
"name": "12976",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12976"
},
{
"name": "20050402 In-game players kicking in the Quake 3 engine",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111246796918067\u0026w=2"
},
{
"name": "http://bani.anime.net/banimod/forums/viewtopic.php?p=27322",
"refsource": "MISC",
"url": "http://bani.anime.net/banimod/forums/viewtopic.php?p=27322"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0983",
"datePublished": "2005-04-05T04:00:00.000Z",
"dateReserved": "2005-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:35:58.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0430 (GCVE-0-2005-0430)
Vulnerability from cvelistv5 – Published: 2005-02-16 05:00 – Updated: 2024-08-07 21:13
VLAI
Summary
The Quake 3 engine, as used in multiple game packages, allows remote attackers to cause a denial of service (shutdown game server) and possibly crash the server via a long infostring, possibly triggering a buffer overflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/12534 | vdb-entryx_refsource_BID |
| http://marc.info/?l=bugtraq&m=110824822224025&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://aluigi.altervista.org/adv/q3infoboom-adv.txt | x_refsource_MISC |
Date Public
2005-02-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:54.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "12534",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12534"
},
{
"name": "20050212 Infostring crash and shutdown in the Quake 3 engine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110824822224025\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/q3infoboom-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Quake 3 engine, as used in multiple game packages, allows remote attackers to cause a denial of service (shutdown game server) and possibly crash the server via a long infostring, possibly triggering a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "12534",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12534"
},
{
"name": "20050212 Infostring crash and shutdown in the Quake 3 engine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110824822224025\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/q3infoboom-adv.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Quake 3 engine, as used in multiple game packages, allows remote attackers to cause a denial of service (shutdown game server) and possibly crash the server via a long infostring, possibly triggering a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12534",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12534"
},
{
"name": "20050212 Infostring crash and shutdown in the Quake 3 engine",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110824822224025\u0026w=2"
},
{
"name": "http://aluigi.altervista.org/adv/q3infoboom-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/q3infoboom-adv.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0430",
"datePublished": "2005-02-16T05:00:00.000Z",
"dateReserved": "2005-02-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:13:54.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}