MidnightBSD

Advisories for raven_software

CVE-2004-1542 MEDIUM

Buffer overflow in Soldier of Fortune II 1.03 Gold and earlier allows remote attackers to cause a denial of service (server or client crash) via a long (1) query or (2) reply.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
raven_software soldier_of_fortune 2.1.0.2
raven_software soldier_of_fortune 2.1.0.3
CVE-2005-0568 MEDIUM

Soldier of Fortune II 1.03 gold allows remote attackers to cause a denial of service (application crash) via a large cl_guid value, which results in an invalid pointer dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
raven_software soldier_of_fortune_2 1.0.2
raven_software soldier_of_fortune_2 1.0.3
CVE-2005-0983 MEDIUM

Quake 3 engine, as used in multiple games, allows remote attackers to cause a denial of service (client disconnect) via a long message, which is not properly truncated and causes the engine to process the remaining data as if it were network data.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
id_software quake_3_arena_server 1.29f
activision call_of_duty 1.4
activision call_of_duty_united_offensive 1.51b
lucasarts star_wars_jedi_knight_jedi_academy 1.0.11
id_software quake_3_arena 1.1.7
id_software wolfenstein_enemy_territory 2.56
id_software quake_3_engine *
activision return_to_castle_wolfenstein 1.0
activision return_to_castle_wolfenstein 1.1
lucasarts star_wars_jedi_knight_ii_jedi_outcast 1.0.4
id_software quake_3_arena 1.31
raven_software soldier_of_fortune_2 1.0.2
id_software quake_3_arena 1.16
id_software quake_3_arena_server 1.29g
activision call_of_duty_united_offensive 1.41
id_software wolfenstein_enemy_territory 1.0.2
activision call_of_duty 1.5b
raven_software soldier_of_fortune_2 1.0.3
CVE-2005-2115 MEDIUM

Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause a denial of service (server crash) via a large ID value in the ignore command, which is used as an array index and causes an out-of-bounds operation.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
raven_software soldier_of_fortune_2 1.03
raven_software soldier_of_fortune_2 1.02
CVE-2006-3400 HIGH

Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 allows remote attackers to cause a denial of service and possibly execute code by sending a long command from the server.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
id_software quake_3_engine icculus_812
raven_software soldier_of_fortune_2 1.03
id_software quake_3_engine 1.32c
id_software quake_3_engine 1.32b