Quake 3 Engine
Approved changes feed: RSS · Atom
cpe:2.3:a:id_software:quake_3_engine:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Id Software (b3578cac-594e-5b0b-a037-8ea975d8ca14) |
|---|---|
| Product | Quake 3 Engine (6941fc15-33b3-5605-b3c0-56a2fcf3ac47) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:bitbucket/gholts/quake-iii-arena |
purl2cpe | 2026-06-01 10:15:48.717539 |
pkg:github/id-software/quake-iii-arena |
purl2cpe | 2026-06-01 10:15:48.717540 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2006-3325 |
vulnerable | 2026-06-03 14:27:34.652225 |
Details available
client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. NOTE: this can be combined with another vulnerability to overwrite arbitrary files.
Published: 2006-06-30T23:00:00.000Z
Updated: 2024-08-07T18:23:21.197Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2006-3324 |
vulnerable | 2026-06-03 14:27:34.649655 |
Details available
The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer.
Published: 2006-06-30T23:00:00.000Z
Updated: 2024-08-07T18:23:21.067Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2006-2875 |
vulnerable | 2026-06-03 14:27:33.425290 |
Details available
Stack-based buffer overflow in the CL_ParseDownload function of Quake 3 Engine 1.32c and earlier, as used in multiple products, allows remote attackers to execute arbitrary code via a svc_download command with compressed data that triggers the overflow during expansion.
Published: 2006-06-07T00:00:00.000Z
Updated: 2024-08-07T18:06:27.043Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2006-2082 |
vulnerable | 2026-06-03 14:27:26.087671 |
Details available
Directory traversal vulnerability in Quake 3 engine, as used in products including Quake3 Arena, Return to Castle Wolfenstein, Wolfenstein: Enemy Territory, and Star Trek Voyager: Elite Force, when the sv_allowdownload cvar is enabled, allows remote attackers to read arbitrary files from the server via ".." sequences in a .pk3 file request.
Published: 2006-05-10T00:00:00.000Z
Updated: 2024-08-07T17:35:31.202Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2005-0983 |
vulnerable | 2026-06-03 14:26:52.025114 |
Details available
Quake 3 engine, as used in multiple games, allows remote attackers to cause a denial of service (client disconnect) via a long message, which is not properly truncated and causes the engine to process the remaining data as if it were network data.
Published: 2005-04-05T04:00:00.000Z
Updated: 2024-08-07T21:35:58.933Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2005-0430 |
vulnerable | 2026-06-03 14:26:50.449048 |
Details available
The Quake 3 engine, as used in multiple game packages, allows remote attackers to cause a denial of service (shutdown game server) and possibly crash the server via a long infostring, possibly triggering a buffer overflow.
Published: 2005-02-16T05:00:00.000Z
Updated: 2024-08-07T21:13:54.522Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.