CVE-2001-1289

Quake 3 Arena 1.29f-1.29g - Denial of Service via Malformed Connection Packet

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-1289. PoCs published by Coolest.

AI-analyzed exploit summary This exploit sends a malformed UDP packet to a Quake3 Arena Server, causing a remote crash. The payload consists of four bytes (0xFF) followed by the string 'connectre', which triggers the vulnerability.

Description

Quake 3 arena 1.29f and 1.29g allows remote attackers to cause a denial of service (crash) via a malformed connection packet that begins with several char-255 characters.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Coolest · textdosmultiple
https://www.exploit-db.com/exploits/21042

This exploit sends a malformed UDP packet to a Quake3 Arena Server, causing a remote crash. The payload consists of four bytes (0xFF) followed by the string 'connectre', which triggers the vulnerability.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Quake3 Arena Server
No auth needed
Prerequisites: Network access to the target server · UDP port accessibility
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3123
Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-07/0748.html

Scores

EPSS 0.0521
EPSS Percentile 91.5%

Details

Status published
Products (2)
id_software/quake_3_arena 1.29f
id_software/quake_3_arena 1.29g
Published Jul 29, 2001
Tracked Since Feb 18, 2026