GCVE - cpe:2.3:a:id_software:quake_3_engine:1.32c:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:id_software:quake_3_engine:1.32c:*:*:*:*:*:*:*

part: a version: 1.32c update: *

Vendor	Id Software (`b3578cac-594e-5b0b-a037-8ea975d8ca14`)
Product	Quake 3 Engine (`6941fc15-33b3-5605-b3c0-56a2fcf3ac47`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:bitbucket/gholts/quake-iii-arena`	purl2cpe	2026-06-01 10:15:48.719866
`pkg:github/id-software/quake-iii-arena`	purl2cpe	2026-06-01 10:15:48.719868

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2006-3401`	vulnerable	2026-06-03 14:27:34.859609	Details available Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: Arena 1.32b and 1.32c allows remote attackers to cause a denial of service and possibly execute code via long CS_ITEMS values. Published: 2006-07-06T20:00:00.000Z Updated: 2024-08-07T18:30:32.870Z Open on db.gcve.eu Reference links http://secunia.com/advisories/20946 http://secunia.com/advisories/20961 https://www.exploit-db.com/exploits/1977 http://www.securityfocus.com/bid/18777 https://exchange.xforce.ibmcloud.com/vulnerabilities/27616	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-3400`	vulnerable	2026-06-03 14:27:34.857471	Details available Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 allows remote attackers to cause a denial of service and possibly execute code by sending a long command from the server. Published: 2006-07-06T20:00:00.000Z Updated: 2024-08-07T18:30:32.818Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/27614 https://www.exploit-db.com/exploits/1976 http://secunia.com/advisories/20946 http://www.securityfocus.com/bid/18777 http://www.vupen.com/english/advisories/2006/2657	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-3325`	vulnerable	2026-06-03 14:27:34.652269	Details available client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. NOTE: this can be combined with another vulnerability to overwrite arbitrary files. Published: 2006-06-30T23:00:00.000Z Updated: 2024-08-07T18:23:21.197Z Open on db.gcve.eu Reference links http://www.securityfocus.com/archive/1/438660/100/0/threaded http://www.securityfocus.com/archive/1/438515/100/0/threaded http://aluigi.altervista.org/adv/q3cfilevar-adv.txt http://www.securityfocus.com/bid/18685 http://secunia.com/advisories/20851	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-3324`	vulnerable	2026-06-03 14:27:34.650655	Details available The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer. Published: 2006-06-30T23:00:00.000Z Updated: 2024-08-07T18:23:21.067Z Open on db.gcve.eu Reference links http://svn.icculus.org/quake3?rev=804&view=rev http://www.securityfocus.com/archive/1/438660/100/0/threaded http://www.securityfocus.com/archive/1/438515/100/0/threaded http://aluigi.altervista.org/adv/q3cfilevar-adv.txt http://www.securityfocus.com/bid/18685	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.