Absolute path traversal vulnerability in Quake II server before R1Q2 on Linux, as used in multiple products, allows remote malicious users to cause a denial of service (application crash) via a download command with a full pathname for a directory in the argument, which causes the server to crash when it cannot read data.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
id software quake ii server linux 3.20 |
||
id software quake ii server linux 3.21 |