Aggregates CVE and security vulnerability intelligence across all id Software-related products, including CVSS scores, EPSS percentages, and publication and update dates.
Historical issues mainly involve buffer overflows, input validation, and related problems; some flaws may lead to unexpected behavior and application crashes.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2007-5248 | Multiple format string vulnerabilities in the ID Software Doom 3 engine, as used by Doom 3 1.3.1 and earlier, Quake 4 1.4.2 and earlier, and Prey 1.3 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a PB_Y packet to the YPG server or (2) a PB_U packet to UCON. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain. | [email protected] | 9.3 | 10.54% | 2007-10-06 | 2026-04-23 |
| CVE-2006-3401 | Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: Arena 1.32b and 1.32c allows remote attackers to cause a denial of service and possibly execute code via long CS_ITEMS values. | [email protected] | 7.5 | 10.00% | 2006-07-06 | 2026-04-16 |
| CVE-2006-3400 | Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 allows remote attackers to cause a denial of service and possibly execute code by sending a long command from the server. | [email protected] | 7.5 | 11.66% | 2006-07-06 | 2026-04-16 |
| CVE-2006-3325 | client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. NOTE: this can be combined with another vulnerability to overwrite arbitrary files. | [email protected] | 5.0 | 3.93% | 2006-06-30 | 2026-04-16 |
| CVE-2006-3324 | The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer. | [email protected] | 5.0 | 2.23% | 2006-06-30 | 2026-04-16 |
| CVE-2006-2875 | Stack-based buffer overflow in the CL_ParseDownload function of Quake 3 Engine 1.32c and earlier, as used in multiple products, allows remote attackers to execute arbitrary code via a svc_download command with compressed data that triggers the overflow during expansion. | [email protected] | 7.5 | 6.13% | 2006-06-07 | 2026-04-16 |
| CVE-2006-2082 | Directory traversal vulnerability in Quake 3 engine, as used in products including Quake3 Arena, Return to Castle Wolfenstein, Wolfenstein: Enemy Territory, and Star Trek Voyager: Elite Force, when the sv_allowdownload cvar is enabled, allows remote attackers to read arbitrary files from the server via ".." sequences in a .pk3 file request. | [email protected] | 7.5 | 0.95% | 2006-05-10 | 2026-04-16 |
| CVE-2006-2236 | Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) Return to Castle Wolfenstein 1.41, and (3) Quake III Arena 1.32b allows remote attackers to execute arbitrary commands via a long remapShader command. | [email protected] | 7.6 | 4.06% | 2006-05-08 | 2026-04-16 |
| CVE-2005-0983 | Quake 3 engine, as used in multiple games, allows remote attackers to cause a denial of service (client disconnect) via a long message, which is not properly truncated and causes the engine to process the remaining data as if it were network data. | [email protected] | 5.0 | 1.33% | 2005-05-02 | 2026-04-16 |
| CVE-2005-0430 | The Quake 3 engine, as used in multiple game packages, allows remote attackers to cause a denial of service (shutdown game server) and possibly crash the server via a long infostring, possibly triggering a buffer overflow. | [email protected] | 5.0 | 1.57% | 2005-02-12 | 2026-04-16 |
| CVE-2004-2597 | Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an "ip" key/value pair but is also long enough to cause a new key/value pair to be truncated, which interferes with the server's ability to find the client's IP address. | [email protected] | 5.0 | 0.47% | 2004-12-31 | 2026-04-16 |
| CVE-2004-2596 | Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (exhaustion of connection slots) via a large number of connections from the same IP address. | [email protected] | 5.0 | 1.27% | 2004-12-31 | 2026-04-16 |
| CVE-2004-2595 | Absolute path traversal vulnerability in Quake II server before R1Q2 on Linux, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a download command with a full pathname for a directory in the argument, which causes the server to crash when it cannot read data. | [email protected] | 5.0 | 1.56% | 2004-12-31 | 2026-04-16 |
| CVE-2004-2594 | Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote attackers to read arbitrary files via a "\/" in a pathname argument, as demonstrated by "download \/server.cfg". | [email protected] | 5.0 | 0.87% | 2004-12-31 | 2026-04-16 |
| CVE-2004-2593 | Buffer overflow in command-packet processing of Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a packet with a long cmd_args buffer. | [email protected] | 7.5 | 3.78% | 2004-12-31 | 2026-04-16 |
| CVE-2004-2592 | Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a modified client that asks the server to send data stored at a negative array offset, which is not handled when processing Configstrings and Baselines. | [email protected] | 5.0 | 4.67% | 2004-12-31 | 2026-04-16 |
| CVE-2002-0770 | Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand "$" macros, which causes the server to expand the macros and leak the information, as demonstrated using "say $rcon_password." | [email protected] | 5.0 | 5.18% | 2002-08-12 | 2026-04-16 |
| CVE-2001-1289 | Quake 3 arena 1.29f and 1.29g allows remote attackers to cause a denial of service (crash) via a malformed connection packet that begins with several char-255 characters. | [email protected] | 5.0 | 1.22% | 2001-07-29 | 2026-04-16 |
| CVE-1999-1569 | Quake 1 and NetQuake servers allow remote attackers to cause a denial of service (resource exhaustion or forced disconnection) via a flood of spoofed UDP connection packets, which exceeds the server's player limit. | [email protected] | 5.0 | 1.99% | 2001-07-17 | 2026-04-16 |
| CVE-2000-1080 | Quake 1 (quake1) and ProQuake 1.01 and earlier allow remote attackers to cause a denial of service via a malformed (empty) UDP packet. | [email protected] | 5.0 | 0.75% | 2000-11-01 | 2026-04-16 |