CVE-2006-2236

Description

Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) Return to Castle Wolfenstein 1.41, and (3) Quake III Arena 1.32b allows remote attackers to execute arbitrary commands via a long remapShader command.

How to fix CVE-2006-2236

To remediate CVE-2006-2236, upgrade the affected package to a fixed version below.

• Debian/ioquake3—upgrade to 1.36+svn1788j-1 or later

Is CVE-2006-2236 being exploited?

Low — EPSS is 4.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.36+svn1788j-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2006-2236