CVE-2006-3325

Опубликовано: 30 июн. 2006

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. NOTE: this can be combined with another vulnerability to overwrite arbitrary files.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:id_software:quake_3_engine:*:*:*:*:*:*:*:*

cpe:2.3:a:id_software:quake_3_engine:1.32b:*:*:*:*:*:*:*

cpe:2.3:a:id_software:quake_3_engine:1.32c:*:*:*:*:*:*:*

cpe:2.3:a:id_software:quake_3_engine:icculus_803:*:*:*:*:*:*:*

cpe:2.3:a:id_software:quake_3_engine:icculus_804:*:*:*:*:*:*:*

cpe:2.3:a:id_software:quake_3_engine:icculus_805:*:*:*:*:*:*:*

cpe:2.3:a:id_software:quake_3_engine:icculus_806:*:*:*:*:*:*:*

cpe:2.3:a:id_software:quake_3_engine:icculus_807:*:*:*:*:*:*:*

cpe:2.3:a:id_software:quake_3_engine:icculus_808:*:*:*:*:*:*:*

cpe:2.3:a:id_software:quake_3_engine:icculus_809:*:*:*:*:*:*:*

cpe:2.3:a:id_software:quake_3_engine:icculus_810:*:*:*:*:*:*:*

EPSS

Процентиль: 87%

0.03928

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2006-3325

debian

больше 19 лет назад

client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quak ...

GHSA-w943-j99v-c4q3

github

больше 3 лет назад