Published: 07/06/2006 Updated: 18/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Stack-based buffer overflow in the CL_ParseDownload function of Quake 3 Engine 1.32c and previous versions, as used in multiple products, allows remote malicious users to execute arbitrary code via a svc_download command with compressed data that triggers the overflow during expansion.

Vulnerable Product	Search on Vulmon	Subscribe to Product
id software quake 3 engine

Debian Bug report logs - #660834 tremulous: CVE-2006-3325 ("q3cfilevar-B") configuration overwriting Package: tremulous; Maintainer for tremulous is (unknown); Reported by: Simon McVittie <smcv@debianorg> Date: Wed, 22 Feb 2012 08:59:13 UTC Severity: grave Tags: security Found in version tremulous/110-41 Fixed in vers ...

Debian Bug report logs - #660832 tremulous: CVE-2006-3324 ("q3cfilevar-A") arbitrary file overwriting Package: tremulous; Maintainer for tremulous is (unknown); Reported by: Simon McVittie <smcv@debianorg> Date: Wed, 22 Feb 2012 08:58:41 UTC Severity: grave Tags: security Found in version tremulous/110-41 Fixed in ver ...

Debian Bug report logs - #660827 tremulous: CVE-2006-2236 ("the remapShader exploit") can lead to arbitrary code execution Package: tremulous; Maintainer for tremulous is (unknown); Reported by: Simon McVittie <smcv@debianorg> Date: Wed, 22 Feb 2012 08:39:01 UTC Severity: grave Tags: security Found in version tremulous/1 ...

Debian Bug report logs - #660836 tremulous: CVE-2011-2764, CVE-2011-3012 DLL overwriting by malicious bytecode Package: tremulous; Maintainer for tremulous is (unknown); Reported by: Simon McVittie <smcv@debianorg> Date: Wed, 22 Feb 2012 09:06:13 UTC Severity: grave Tags: security Found in version tremulous/110-41 Fix ...

Debian Bug report logs - #660831 tremulous-server: CVE-2006-2082 arbitrary file download from server Package: tremulous-server; Maintainer for tremulous-server is (unknown); Reported by: Simon McVittie <smcv@debianorg> Date: Wed, 22 Feb 2012 08:58:28 UTC Severity: grave Tags: security Found in version tremulous/110-41 ...

// source: wwwsecurityfocuscom/bid/18271/info // // The Quake 3 engine is susceptible to a remote buffer-overflow vulnerability This issue is due to the application's failure to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer // // Remote attackers may exploit this issue to execute ar ...

NVD-CWE-Other http://aluigi.altervista.org/adv/q3cbof-adv.txt http://secunia.com/advisories/20401 http://www.securityfocus.com/bid/18271 http://securitytracker.com/id?1016219 http://www.vupen.com/english/advisories/2006/2129 http://www.securityfocus.com/archive/1/435963/100/0/threaded https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660834 https://www.exploit-db.com/exploits/27969/

CVE-2006-2875

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect