CVE-1999-1569

Quake - Denial of Service via Spoofed UDP Connection Packet Flood

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-1569. PoCs published by Andy Gavin.

AI-analyzed exploit summary This exploit floods a Quake server with spoofed UDP connection requests, causing a denial-of-service by filling the player slots. It uses raw sockets to craft and send malformed Quake protocol packets with spoofed source IPs.

Description

Quake 1 and NetQuake servers allow remote attackers to cause a denial of service (resource exhaustion or forced disconnection) via a flood of spoofed UDP connection packets, which exceeds the server's player limit.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Andy Gavin · cdosmultiple
https://www.exploit-db.com/exploits/21012

This exploit floods a Quake server with spoofed UDP connection requests, causing a denial-of-service by filling the player slots. It uses raw sockets to craft and send malformed Quake protocol packets with spoofed source IPs.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Quake (NetQuake servers)
No auth needed
Prerequisites: raw socket permissions (root access) · target server IP/hostname and port
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=91012172524181&w=2
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3051
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=90221101925989&w=2
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/197268
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6871

Scores

EPSS 0.0321
EPSS Percentile 86.6%

Details

Status published
Products (1)
id_software/quake 1.9
Published Jul 17, 2001
Tracked Since Feb 18, 2026