Unrated severityNVD Advisory· Published Oct 27, 2014· Updated May 6, 2026

CVE-2010-5077

Description

server/sv_main.c in Quake3 Arena, as used in ioquake3 before r1762, OpenArena, Tremulous, and other products, allows remote attackers to cause a denial of service (network traffic amplification) via a spoofed (1) getstatus or (2) rcon request.

Affected products

Ioquake3/Ioquake3 Engine
cpe:2.3:a:ioquake3:ioquake3_engine:*:*:*:*:*:*:*:*
Range: <=r1761
Openarena/Openarena
cpe:2.3:a:openarena:openarena:*:*:*:*:*:*:*:*
Tremulous/Tremulous
cpe:2.3:a:tremulous:tremulous:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

openarena.ws/board/index.phpnvd
permalink.gmane.org/gmane.comp.games.ioquake3/961nvd
www.debian.org/security/2012/dsa-2442nvd
www.ioquake.org/forums/viewtopic.phpnvd
www.openwall.com/lists/oss-security/2012/03/26/5nvd
www.securityfocus.com/archive/1/522076nvd
www.urbanterror.info/forums/topic/27825-drdos/nvd
bugs.debian.org/cgi-bin/bugreport.cginvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000