Quake 3 Engine
Approved changes feed: RSS · Atom
cpe:2.3:a:id_software:quake_3_engine:icculus_810:*:*:*:*:*:*:*
part: a version: icculus_810 update: *
| Vendor | Id Software (b3578cac-594e-5b0b-a037-8ea975d8ca14) |
|---|---|
| Product | Quake 3 Engine (6941fc15-33b3-5605-b3c0-56a2fcf3ac47) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:bitbucket/gholts/quake-iii-arena |
purl2cpe | 2026-06-01 10:15:48.730243 |
pkg:github/id-software/quake-iii-arena |
purl2cpe | 2026-06-01 10:15:48.730245 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2006-3325 |
vulnerable | 2026-06-03 14:27:34.656288 |
Details available
client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. NOTE: this can be combined with another vulnerability to overwrite arbitrary files.
Published: 2006-06-30T23:00:00.000Z
Updated: 2024-08-07T18:23:21.197Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.