CVE-2006-3324

Description

The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer.

How to fix CVE-2006-3324

To remediate CVE-2006-3324, upgrade the affected package to a fixed version below.

• Debian/ioquake3—upgrade to 1.36+svn1788j-1 or later

Is CVE-2006-3324 being exploited?

Low — EPSS is 2.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.36+svn1788j-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2006-3324