CVE-2005-0983

Description

Quake 3 engine, as used in multiple games, allows remote attackers to cause a denial of service (client disconnect) via a long message, which is not properly truncated and causes the engine to process the remaining data as if it were network data.

Affected products

• activision / call_of_duty1.4 – 1.4
• activision / call_of_duty1.5b – 1.5b
• activision / call_of_duty_united_offensive1.41 – 1.41
• activision / call_of_duty_united_offensive1.51b – 1.51b
• activision / return_to_castle_wolfenstein1.0 – 1.0
• activision / return_to_castle_wolfenstein1.1 – 1.1
• id_software / quake_3_arena1.1.7 – 1.1.7
• id_software / quake_3_arena1.16 – 1.16
• id_software / quake_3_arena1.31 – 1.31
• id_software / quake_3_arena_server1.29f – 1.29f
• id_software / quake_3_arena_server1.29g – 1.29g
• id_software / quake_3_engine
• id_software / wolfenstein_enemy_territory1.0.2 – 1.0.2
• id_software / wolfenstein_enemy_territory2.56 – 2.56
• lucasarts / star_wars_jedi_knight_ii_jedi_outcast1.0.4 – 1.0.4
• lucasarts / star_wars_jedi_knight_jedi_academy1.0.11 – 1.0.11
• raven_software / soldier_of_fortune_21.0.2 – 1.0.2
• raven_software / soldier_of_fortune_21.0.3 – 1.0.3

References

• VENDOR_ADVISORYhttp://secunia.com/advisories/14811
• MISChttp://aluigi.altervista.org/adv/q3msgboom-adv.txt
• MISChttp://www.securityfocus.com/bid/12976
• MAILING_LISThttp://marc.info/?l=bugtraq&m=111246796918067&w=2
• MISChttp://bani.anime.net/banimod/forums/viewtopic.php?p=27322