RSS   Podatności dla 'Ioquake3'   RSS

2017-08-03
 
CVE-2017-11721

 

 
Buffer overflow in ioquake3 before 2017-08-02 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted packet.

 
2017-03-14
 
CVE-2017-6903

CWE-269
 

 
In ioquake3 before 2017-03-14, the auto-downloading feature has insufficient content restrictions. This also affects Quake III Arena, OpenArena, OpenJK, iortcw, and other id Tech 3 (aka Quake 3 engine) forks. A malicious auto-downloaded file can trigger loading of crafted auto-downloaded files as native code DLLs. A malicious auto-downloaded file can contain configuration defaults that override the user's. Executable bytecode in a malicious auto-downloaded file can set configuration variables to values that will result in unwanted native code DLLs being loaded, resulting in sandbox escape.

 

 >>> Vendor: Ioquake3 2 Produkty
Ioquake3 engine
Ioquake3


Copyright 2024, cxsecurity.com

 

Back to Top