Buffer overflow in Soldier of Fortune II 1.03 Gold and earlier allows remote attackers to cause a denial of service (server or client crash) via a long (1) query or (2) reply.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| raven_software | soldier_of_fortune | 2.1.0.2 |
| raven_software | soldier_of_fortune | 2.1.0.3 |
Soldier of Fortune II 1.03 gold allows remote attackers to cause a denial of service (application crash) via a large cl_guid value, which results in an invalid pointer dereference.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| raven_software | soldier_of_fortune_2 | 1.0.2 |
| raven_software | soldier_of_fortune_2 | 1.0.3 |
Quake 3 engine, as used in multiple games, allows remote attackers to cause a denial of service (client disconnect) via a long message, which is not properly truncated and causes the engine to process the remaining data as if it were network data.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| id_software | quake_3_arena_server | 1.29f |
| activision | call_of_duty | 1.4 |
| activision | call_of_duty_united_offensive | 1.51b |
| lucasarts | star_wars_jedi_knight_jedi_academy | 1.0.11 |
| id_software | quake_3_arena | 1.1.7 |
| id_software | wolfenstein_enemy_territory | 2.56 |
| id_software | quake_3_engine | * |
| activision | return_to_castle_wolfenstein | 1.0 |
| activision | return_to_castle_wolfenstein | 1.1 |
| lucasarts | star_wars_jedi_knight_ii_jedi_outcast | 1.0.4 |
| id_software | quake_3_arena | 1.31 |
| raven_software | soldier_of_fortune_2 | 1.0.2 |
| id_software | quake_3_arena | 1.16 |
| id_software | quake_3_arena_server | 1.29g |
| activision | call_of_duty_united_offensive | 1.41 |
| id_software | wolfenstein_enemy_territory | 1.0.2 |
| activision | call_of_duty | 1.5b |
| raven_software | soldier_of_fortune_2 | 1.0.3 |
Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause a denial of service (server crash) via a large ID value in the ignore command, which is used as an array index and causes an out-of-bounds operation.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| raven_software | soldier_of_fortune_2 | 1.03 |
| raven_software | soldier_of_fortune_2 | 1.02 |
Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 allows remote attackers to cause a denial of service and possibly execute code by sending a long command from the server.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| id_software | quake_3_engine | icculus_812 |
| raven_software | soldier_of_fortune_2 | 1.03 |
| id_software | quake_3_engine | 1.32c |
| id_software | quake_3_engine | 1.32b |