CVE-2005-0984
Buffer overflow in the G_Printf function in Star Wars Jedi Knight:
Jedi Academy 1.011 and earlier allows remote attackers to execute
arbitrary code via a long message using commands such as (1) say and
(2) tell.
Luigi Auriemma jamsgbof
CVE-2006-2236
Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60,
(2) Return to Castle Wolfenstein 1.41, and (3) Quake III Arena 1.32b
allows remote attackers to execute arbitrary commands via a long
remapShader command.
from Thilo Schulz in ioquake3
svn 765 git d21411452ef32b86c0b79ddcaf49221701dcdb07
Add string length checking to function COM_StripExtension. This fixes
the R_RemapShader buffer overflow exploit that can be found here:
http://milw0rm.com/exploits/1750
CVE-2006-2082
Directory traversal vulnerability in Quake 3 engine, as used in products
including Quake3 Arena, Return to Castle Wolfenstein, Wolfenstein: Enemy
Territory, and Star Trek Voyager: Elite Force, when the sv_allowdownload
cvar is enabled, allows remote attackers to read arbitrary files from
the server via ".." sequences in a .pk3 file request.
from Thilo Schulz in ioquake3
svn 777 git 60293f49ee8c665673202e80ecd103f13a9fa6ab
Fix bug that permits download of arbitrary files from a download enabled
server by checking requested file name against the list of loaded pk3
files. See CVE-2006-2082
note: cl_keys change not included as qboolean not abused unlike q3
from Tim Angus in ioquake3
svn 95 git 33a48a0336865a9d21983e4836920cd9f3401101
Fixed some qboolean type confusion
from http://www.quakesrc.org/forums/viewtopic.php?t=5374
CVE-2005-0983
Quake 3 engine, as used in multiple games, allows remote attackers to
cause a denial of service (client disconnect) via a long message, which
is not properly truncated and causes the engine to process the remaining
data as if it were network data.
Luigi Auriemma q3msgboom
from Tim Angus in ioquake
svn 95 git 33a48a0336865a9d21983e4836920cd9f3401101
Fixed q3msgboom
from http://www.quakesrc.org/forums/viewtopic.php?t=5374
CVE-2005-0430
The Quake 3 engine, as used in multiple game packages, allows remote
attackers to cause a denial of service (shutdown game server) and
possibly crash the server via a long infostring, possibly triggering a
buffer overflow.
Luigi Auriemma q3infoboom
from Tim Angus in ioquake3
svn 95 git 33a48a0336865a9d21983e4836920cd9f3401101
It looks as if the q3infoboom bug has already been fixed in ioQ3 in a
different way, though this patch addresses the cause. The existing fix
should stay since it's a sensible sanity check anyway.
from http://www.quakesrc.org/forums/viewtopic.php?t=5374
CVE-2005-0430
The Quake 3 engine, as used in multiple game packages, allows remote
attackers to cause a denial of service (shutdown game server) and
possibly crash the server via a long infostring, possibly triggering a
buffer overflow.
Luigi Auriemma q3infoboom
bugzilla #2356
from Thilo Schulz in ioquake3
svn 58 git 01da6d757bb3121c9ee077e7269eee7655abd05b
https://bugzilla.icculus.org/show_bug.cgi?id=2356
Remotely exploitable Infostring Crash
