Quake 3 Engine

quake_3_engine

Vendor: Id Software • 9 CVEs

CVEs (9)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2006-3401 1Id Software 1Quake 3 Engine Apr 16, 2026 Jul 6, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: Arena 1.32b and 1.32c allows remote attackers to cause a denial of service and possibly execute code via long CS_ITEMS values.
CVE-2006-3400 2Id Software Raven Software 2Quake 3 Engine Soldier Of Fortune 2 Apr 16, 2026 Jul 6, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 allows remote attackers to cause a denial of service and possibly execute code by sending...Show more Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 allows remote attackers to cause a denial of service and possibly execute code by sending a long command from the server.Show less
CVE-2006-3325 1Id Software 1Quake 3 Engine Apr 16, 2026 Jun 30, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, s...Show more client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. NOTE: this can be combined with another vulnerability to overwrite arbitrary files.Show less
CVE-2006-3324 1Id Software 1Quake 3 Engine Apr 16, 2026 Jun 30, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via...Show more The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer.Show less
CVE-2006-2875 1Id Software 1Quake 3 Engine Apr 16, 2026 Jun 7, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Stack-based buffer overflow in the CL_ParseDownload function of Quake 3 Engine 1.32c and earlier, as used in multiple products, allows remote attackers to execute arbitrary code via a svc_download command with compressed...Show more Stack-based buffer overflow in the CL_ParseDownload function of Quake 3 Engine 1.32c and earlier, as used in multiple products, allows remote attackers to execute arbitrary code via a svc_download command with compressed data that triggers the overflow during expansion.Show less
CVE-2006-2082 1Id Software 1Quake 3 Engine Apr 16, 2026 May 10, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Directory traversal vulnerability in Quake 3 engine, as used in products including Quake3 Arena, Return to Castle Wolfenstein, Wolfenstein: Enemy Territory, and Star Trek Voyager: Elite Force, when the sv_allowdownload c...Show more Directory traversal vulnerability in Quake 3 engine, as used in products including Quake3 Arena, Return to Castle Wolfenstein, Wolfenstein: Enemy Territory, and Star Trek Voyager: Elite Force, when the sv_allowdownload cvar is enabled, allows remote attackers to read arbitrary files from the server via ".." sequences in a .pk3 file request.Show less
CVE-2006-2236 1Id Software 4Quake 3 Arena Quake 3 EngineReturn To Castle Wolfenstein+1 more Apr 16, 2026 May 8, 2006 N/A· v4 N/A· v3 7.6 HIGH· v2 Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) Return to Castle Wolfenstein 1.41, and (3) Quake III Arena 1.32b allows remote attackers to execute arbitrary commands via a long remapShader command.
CVE-2005-0983 4Activision Id SoftwareLucasarts+1 more 10Call Of Duty Call Of Duty United OffensiveQuake 3 Arena+7 more Apr 16, 2026 May 2, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Quake 3 engine, as used in multiple games, allows remote attackers to cause a denial of service (client disconnect) via a long message, which is not properly truncated and causes the engine to process the remaining data...Show more Quake 3 engine, as used in multiple games, allows remote attackers to cause a denial of service (client disconnect) via a long message, which is not properly truncated and causes the engine to process the remaining data as if it were network data.Show less
CVE-2005-0430 1Id Software 1Quake 3 Engine Apr 16, 2026 Feb 12, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The Quake 3 engine, as used in multiple game packages, allows remote attackers to cause a denial of service (shutdown game server) and possibly crash the server via a long infostring, possibly triggering a buffer overflo...Show more The Quake 3 engine, as used in multiple game packages, allows remote attackers to cause a denial of service (shutdown game server) and possibly crash the server via a long infostring, possibly triggering a buffer overflow.Show less