cbcvebase.

Id Software Quake 3 Engine vulnerabilities

6 known vulnerabilities affecting id_software/quake_3_engine.

Total CVEs
6
CISA KEV
0
Public exploits
6
Exploited in wild
0
Severity breakdown
HIGH4MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2006-2236P3HIGHCVSS 7.6PoCv1.32b2006-05-08
CVE-2006-2236 [HIGH] CVE-2006-2236: Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) Return to Castle Wolfenstein 1.41 Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) Return to Castle Wolfenstein 1.41, and (3) Quake III Arena 1.32b allows remote attackers to execute arbitrary commands via a long remapShader command.
nvd
CVE-2006-2875P3HIGHCVSS 7.5PoC≤ 1.32c2006-06-07
CVE-2006-2875 [HIGH] CVE-2006-2875: Stack-based buffer overflow in the CL_ParseDownload function of Quake 3 Engine 1.32c and earlier, as Stack-based buffer overflow in the CL_ParseDownload function of Quake 3 Engine 1.32c and earlier, as used in multiple products, allows remote attackers to execute arbitrary code via a svc_download command with compressed data that triggers the overflow during expansion.
nvd
CVE-2006-3400P3HIGHCVSS 7.5PoCv1.32bv1.32c+1 more2006-07-06
CVE-2006-3400 [HIGH] CVE-2006-3400: Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 allows remote attackers to cause a denial of service and possibly execute code by sending a long command from the server.
nvd
CVE-2006-3401P3HIGHCVSS 7.5PoCv1.32bv1.32c+1 more2006-07-06
CVE-2006-3401 [HIGH] CWE-119 CVE-2006-3401: Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: Arena 1.32b and 1.32c allows remot Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: Arena 1.32b and 1.32c allows remote attackers to cause a denial of service and possibly execute code via long CS_ITEMS values.
nvd
CVE-2006-3324P4MEDIUMCVSS 5.0PoCv1.32bv1.32c+2 more2006-06-30
CVE-2006-3324 [MEDIUM] CVE-2006-3324: The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer.
nvd
CVE-2006-3325P4MEDIUMCVSS 5.0PoCv1.32bv1.32c+8 more2006-06-30
CVE-2006-3325 [MEDIUM] CVE-2006-3325: client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the se
nvd
Id Software Quake 3 Engine vulnerabilities | cvebase