Quake Ii Server
Sign in to watchby Id Software
CVEs (4)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2004-2592 | 0.03 | — | 0.05 | Dec 31, 2004 | Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a modified client that asks the server to send data stored at a negative array offset, which is not handled when processing Configstrings and Baselines. | ||
| CVE-2004-2597 | 0.00 | — | 0.00 | Dec 31, 2004 | Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an "ip" key/value pair but is also long enough to cause a new key/value pair to be truncated, which interferes with the server's ability to find the client's IP address. | ||
| CVE-2004-2593 | 0.00 | — | 0.04 | Dec 31, 2004 | Buffer overflow in command-packet processing of Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a packet with a long cmd_args buffer. | ||
| CVE-2004-2596 | 0.00 | — | 0.01 | Dec 31, 2004 | Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (exhaustion of connection slots) via a large number of connections from the same IP address. |