Description
Quake 3 engine, as used in multiple games, allows remote attackers to cause a denial of service (client disconnect) via a long message, which is not properly truncated and causes the engine to process the remaining data as if it were network data.
Affected products
- activision / call_of_duty1.4 – 1.4
- activision / call_of_duty1.5b – 1.5b
- activision / call_of_duty_united_offensive1.41 – 1.41
- activision / call_of_duty_united_offensive1.51b – 1.51b
- activision / return_to_castle_wolfenstein1.0 – 1.0
- activision / return_to_castle_wolfenstein1.1 – 1.1
- id_software / quake_3_arena1.1.7 – 1.1.7
- id_software / quake_3_arena1.16 – 1.16
- id_software / quake_3_arena1.31 – 1.31
- id_software / quake_3_arena_server1.29f – 1.29f
- id_software / quake_3_arena_server1.29g – 1.29g
- id_software / quake_3_engine
- id_software / wolfenstein_enemy_territory1.0.2 – 1.0.2
- id_software / wolfenstein_enemy_territory2.56 – 2.56
- lucasarts / star_wars_jedi_knight_ii_jedi_outcast1.0.4 – 1.0.4
- lucasarts / star_wars_jedi_knight_jedi_academy1.0.11 – 1.0.11
- raven_software / soldier_of_fortune_21.0.2 – 1.0.2
- raven_software / soldier_of_fortune_21.0.3 – 1.0.3