Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2006-3325
HistoryJun 30, 2006 - 11:05 p.m.

CVE-2006-3325

2006-06-3023:05:00
mitre
web.nvd.nist.gov
30
cve
2006
3325
client
cl_parse.c
remote servers
overwrite
cvars variables
id3 quake 3 engine
icculus quake 3 engine
vulnerability

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.7

Confidence

High

EPSS

0.007

Percentile

80.7%

JSON

client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. NOTE: this can be combined with another vulnerability to overwrite arbitrary files.

Affected configurations

Nvd
Node
id_softwarequake_3_engine
OR
id_softwarequake_3_engineMatch1.32b
OR
id_softwarequake_3_engineMatch1.32c
OR
id_softwarequake_3_engineMatchicculus_803
OR
id_softwarequake_3_engineMatchicculus_804
OR
id_softwarequake_3_engineMatchicculus_805
OR
id_softwarequake_3_engineMatchicculus_806
OR
id_softwarequake_3_engineMatchicculus_807
OR
id_softwarequake_3_engineMatchicculus_808
OR
id_softwarequake_3_engineMatchicculus_809
OR
id_softwarequake_3_engineMatchicculus_810
VendorProductVersionCPE
id_softwarequake_3_engine*cpe:2.3:a:id_software:quake_3_engine:*:*:*:*:*:*:*:*
id_softwarequake_3_engine1.32bcpe:2.3:a:id_software:quake_3_engine:1.32b:*:*:*:*:*:*:*
id_softwarequake_3_engine1.32ccpe:2.3:a:id_software:quake_3_engine:1.32c:*:*:*:*:*:*:*
id_softwarequake_3_engineicculus_803cpe:2.3:a:id_software:quake_3_engine:icculus_803:*:*:*:*:*:*:*
id_softwarequake_3_engineicculus_804cpe:2.3:a:id_software:quake_3_engine:icculus_804:*:*:*:*:*:*:*
id_softwarequake_3_engineicculus_805cpe:2.3:a:id_software:quake_3_engine:icculus_805:*:*:*:*:*:*:*
id_softwarequake_3_engineicculus_806cpe:2.3:a:id_software:quake_3_engine:icculus_806:*:*:*:*:*:*:*
id_softwarequake_3_engineicculus_807cpe:2.3:a:id_software:quake_3_engine:icculus_807:*:*:*:*:*:*:*
id_softwarequake_3_engineicculus_808cpe:2.3:a:id_software:quake_3_engine:icculus_808:*:*:*:*:*:*:*
id_softwarequake_3_engineicculus_809cpe:2.3:a:id_software:quake_3_engine:icculus_809:*:*:*:*:*:*:*
Rows per page:
1-10 of 111

Related

nvd 1
debiancve 1
cvelist 1
exploitdb 2
nvd
nvd
CVE-2006-3325
2006-06-30 23:05:00
debiancve
debiancve
CVE-2006-3325
2006-06-30 23:05:00
cvelist
cvelist
CVE-2006-3325
2006-06-30 23:00:00
exploitdb
exploitdb
Quake 3 Engine Client (Windows x86) - CS_ITEms Remote Overflow
2006-07-02 00:00:00
Quake 3 Engine Client - 'CG_ServerCommand()' Remote Overflow
2006-07-02 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.7

Confidence

High

EPSS

0.007

Percentile

80.7%

JSON
Related for CVE-2006-3325
nvd1debiancve1cvelist1exploitdb2