CVE-2010-5077

ioquake3 < r1762 - Denial of Service via Spoofed getstatus or rcon Request

Title source: llm
STIX 2.1

Description

server/sv_main.c in Quake3 Arena, as used in ioquake3 before r1762, OpenArena, Tremulous, and other products, allows remote attackers to cause a denial of service (network traffic amplification) via a spoofed (1) getstatus or (2) rcon request.

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/522076
Various Sources x_refsource_misc
http://openarena.ws/board/index.php?topic=4391.0
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2442
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/03/26/5

Scores

EPSS 0.0211
EPSS Percentile 79.6%

Details

CWE
CWE-20
Status published
Products (3)
ioquake3/ioquake3_engine < r1761
openarena/openarena
tremulous/tremulous
Published Oct 27, 2014
Tracked Since Feb 18, 2026