CVE-2010-5077

Published: Oct 27, 2014Modified: May 6, 2026

7.8

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability: 10.0 / Impact: 6.9

Source: NVD

Description

server/sv_main.c in Quake3 Arena, as used in ioquake3 before r1762, OpenArena, Tremulous, and other products, allows remote attackers to cause a denial of service (network traffic amplification) via a spoofed (1) getstatus or (2) rcon request.

Affected (3)

Products: Ioquake3: Ioquake3 Engine · Openarena: Openarena · Tremulous: Tremulous

1 product

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ioquake3 Ioquake3 Engine	Up to r1761
Openarena Openarena	All versions
Tremulous Tremulous	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (16)

http://openarena.ws/board/index.php?topic=4391.0

Source: secalert@redhat.com

http://permalink.gmane.org/gmane.comp.games.ioquake3/961

Source: secalert@redhat.com

http://www.debian.org/security/2012/dsa-2442

Source: secalert@redhat.com

http://www.ioquake.org/forums/viewtopic.php?f=12&t=1694

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/03/26/5

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/522076

Source: secalert@redhat.com

http://www.urbanterror.info/forums/topic/27825-drdos/

Source: secalert@redhat.com

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665656

Source: secalert@redhat.com

http://openarena.ws/board/index.php?topic=4391.0