Vulnerabilities > ID Software > Quake 3 Engine > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-06-30 | CVE-2006-3325 | Multiple vulnerability in Quake 3 client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. | 5.0 |
| 2006-06-30 | CVE-2006-3324 | Multiple vulnerability in Quake 3 The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer. | 5.0 |
| 2005-05-02 | CVE-2005-0983 | Denial of Service vulnerability in Quake 3 Engine Message Quake 3 engine, as used in multiple games, allows remote attackers to cause a denial of service (client disconnect) via a long message, which is not properly truncated and causes the engine to process the remaining data as if it were network data. | 5.0 |
| 2005-02-12 | CVE-2005-0430 | Remote Denial of Service vulnerability in ID Software Quake 3 Engine Infostring Query The Quake 3 engine, as used in multiple game packages, allows remote attackers to cause a denial of service (shutdown game server) and possibly crash the server via a long infostring, possibly triggering a buffer overflow. | 5.0 |