CVE-2004-2596

Published: Dec 31, 2004Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (exhaustion of connection slots) via a large number of connections from the same IP address.

Affected (2)

Products: Id Software: Quake Ii Server

Id Software

1 product

Quake Ii Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Id Software Quake Ii Server	Version 3.20
Id Software Quake Ii Server	Version 3.21

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (14)

http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html

Source: cve@mitre.org

http://secunia.com/advisories/13013

Source: cve@mitre.org

Vendor Advisory

http://secur1ty.net/advisories/001

Source: cve@mitre.org

Vendor Advisory

http://securitytracker.com/id?1011979

Source: cve@mitre.org

http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/

Source: cve@mitre.org

http://www.securityfocus.com/bid/11551

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/17894

Source: cve@mitre.org

http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html