CVE-2001-1289
Quake 3 Arena 1.29f-1.29g - Denial of Service via Malformed Connection Packet
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2001-1289. PoCs published by Coolest.
AI-analyzed exploit summary This exploit sends a malformed UDP packet to a Quake3 Arena Server, causing a remote crash. The payload consists of four bytes (0xFF) followed by the string 'connectre', which triggers the vulnerability.
Description
Quake 3 arena 1.29f and 1.29g allows remote attackers to cause a denial of service (crash) via a malformed connection packet that begins with several char-255 characters.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Coolest · textdosmultiple
https://www.exploit-db.com/exploits/21042
This exploit sends a malformed UDP packet to a Quake3 Arena Server, causing a remote crash. The payload consists of four bytes (0xFF) followed by the string 'connectre', which triggers the vulnerability.
Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target:
Quake3 Arena Server
No auth needed
Prerequisites:
Network access to the target server · UDP port accessibility
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/3123
Vendor Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-07/0748.html
Scores
EPSS
0.0521
EPSS Percentile
91.5%
Details
Status
published
Products (2)
id_software/quake_3_arena
1.29f
id_software/quake_3_arena
1.29g
Published
Jul 29, 2001
Tracked Since
Feb 18, 2026