Quake 3 Engine
Approved changes feed: RSS · Atom
cpe:2.3:a:id_software:quake_3_engine:1.32b:*:*:*:*:*:*:*
part: a version: 1.32b update: *
| Vendor | Id Software (b3578cac-594e-5b0b-a037-8ea975d8ca14) |
|---|---|
| Product | Quake 3 Engine (6941fc15-33b3-5605-b3c0-56a2fcf3ac47) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:bitbucket/gholts/quake-iii-arena |
purl2cpe | 2026-06-01 10:15:48.718734 |
pkg:github/id-software/quake-iii-arena |
purl2cpe | 2026-06-01 10:15:48.718736 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2006-3401 |
vulnerable | 2026-06-03 14:27:34.859586 |
Details available
Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: Arena 1.32b and 1.32c allows remote attackers to cause a denial of service and possibly execute code via long CS_ITEMS values.
Published: 2006-07-06T20:00:00.000Z
Updated: 2024-08-07T18:30:32.870Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2006-3400 |
vulnerable | 2026-06-03 14:27:34.857447 |
Details available
Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 allows remote attackers to cause a denial of service and possibly execute code by sending a long command from the server.
Published: 2006-07-06T20:00:00.000Z
Updated: 2024-08-07T18:30:32.818Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2006-3325 |
vulnerable | 2026-06-03 14:27:34.652250 |
Details available
client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. NOTE: this can be combined with another vulnerability to overwrite arbitrary files.
Published: 2006-06-30T23:00:00.000Z
Updated: 2024-08-07T18:23:21.197Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2006-3324 |
vulnerable | 2026-06-03 14:27:34.649680 |
Details available
The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer.
Published: 2006-06-30T23:00:00.000Z
Updated: 2024-08-07T18:23:21.067Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2006-2236 |
vulnerable | 2026-06-03 14:27:31.382000 |
Details available
Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) Return to Castle Wolfenstein 1.41, and (3) Quake III Arena 1.32b allows remote attackers to execute arbitrary commands via a long remapShader command.
Published: 2006-05-08T23:00:00.000Z
Updated: 2024-08-07T17:43:29.111Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.