This page aggregates publicly disclosed CVE and security risk information related to sauerbraten, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2006-1103 | engine/server.cpp in Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (segmentation fault) via a client that does not completely join the game and times out, which results in a null pointer dereference. | [email protected] | 5.0 | 6.01% | 2006-03-09 | 2026-04-16 |
| CVE-2006-1102 | Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (client exit) by forcing the server to change to a map (ogz) file whose name contains ".." sequences and has a certain length that prevents the addition of the ".ogz" extension. | [email protected] | 5.0 | 21.17% | 2006-03-09 | 2026-04-16 |
| CVE-2006-1101 | The (1) sgetstr and (2) getint functions in Sauerbraten 2006_02_28, as derived from the Cube engine, allow remote attackers to cause a denial of service (segmentation fault) via long streams of input data that trigger an out-of-bounds read, as demonstrated using SV_EXT tag data in the Cube engine, which is not properly handled by getint. | [email protected] | 5.0 | 43.68% | 2006-03-09 | 2026-04-16 |
| CVE-2006-1100 | Buffer overflow in the sgetstr function in shared/cube.h in Sauerbraten 2006_02_28 and earlier, as derived from the Cube engine, allows remote attackers to execute arbitrary code via long streams of input data. | [email protected] | 7.5 | 26.28% | 2006-03-09 | 2026-04-16 |