CVE-2010-5077
ioquake3 < r1762 - Denial of Service via Spoofed getstatus or rcon Request
Title source: llmDescription
server/sv_main.c in Quake3 Arena, as used in ioquake3 before r1762, OpenArena, Tremulous, and other products, allows remote attackers to cause a denial of service (network traffic amplification) via a spoofed (1) getstatus or (2) rcon request.
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/522076
Various Sources x_refsource_misc
http://openarena.ws/board/index.php?topic=4391.0
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2012/dsa-2442
Various Sources x_refsource_misc
http://www.urbanterror.info/forums/topic/27825-drdos/
Issue Tracking x_refsource_misc
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665656
Various Sources x_refsource_misc
http://permalink.gmane.org/gmane.comp.games.ioquake3/961
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/03/26/5
Various Sources x_refsource_misc
http://www.ioquake.org/forums/viewtopic.php?f=12&t=1694
Scores
EPSS
0.0211
EPSS Percentile
79.6%
Details
CWE
CWE-20
Status
published
Products (3)
ioquake3/ioquake3_engine
< r1761
openarena/openarena
tremulous/tremulous
Published
Oct 27, 2014
Tracked Since
Feb 18, 2026