CVE-2010-5077

server/sv_main.c in Quake3 Arena, as used in ioquake3 before r1762, OpenArena, Tremulous, and other products, allows remote attackers to cause a denial of service (network traffic amplification) via a spoofed (1) getstatus or (2) rcon request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:C
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
VendorProductVersion
ioquake3ioquake3_engine
𝑥
≤ r1761
openarenaopenarena
*
tremuloustremulous
*
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ioquake3
bullseye
1.36+u20201117.d1b7ab6~dfsg-1
fixed
bookworm
1.36+u20221123.70d07d9+dfsg-1
fixed
trixie
1.36+u20240727.4c19ff2+dfsg-1
fixed
sid
1.36+u20241011.cc18246+dfsg-1
fixed
openarena
bullseye
0.8.8+dfsg-5
fixed
bookworm
0.8.8+dfsg-6
fixed
sid
0.8.8+dfsg-7
fixed
trixie
0.8.8+dfsg-7
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ioquake3
cosmic
not-affected
bionic
not-affected
artful
ignored
zesty
ignored
yakkety
ignored
xenial
not-affected
wily
ignored
vivid
ignored
utopic
ignored
trusty
dne
saucy
ignored
raring
ignored
quantal
ignored
precise
ignored
oneiric
ignored
natty
ignored
maverick
dne
lucid
dne
hardy
dne
openarena
cosmic
not-affected
bionic
not-affected
artful
not-affected
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
not-affected
vivid
not-affected
utopic
not-affected
trusty
dne
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
not-affected
natty
not-affected
maverick
ignored
lucid
ignored
hardy
ignored
Common Weakness Enumeration
References
http://openarena.ws/board/index.php?topic=4391.0
http://permalink.gmane.org/gmane.comp.games.ioquake3/961
http://www.debian.org/security/2012/dsa-2442
http://www.ioquake.org/forums/viewtopic.php?f=12&t=1694
http://www.openwall.com/lists/oss-security/2012/03/26/5
http://www.securityfocus.com/archive/1/522076
http://www.urbanterror.info/forums/topic/27825-drdos/
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665656
http://openarena.ws/board/index.php?topic=4391.0
http://permalink.gmane.org/gmane.comp.games.ioquake3/961
http://www.debian.org/security/2012/dsa-2442
http://www.ioquake.org/forums/viewtopic.php?f=12&t=1694
http://www.openwall.com/lists/oss-security/2012/03/26/5
http://www.securityfocus.com/archive/1/522076
http://www.urbanterror.info/forums/topic/27825-drdos/
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665656