CVE-2010-5077
openarena - UDP traffic amplification
EPSS 2.1%
Description
server/sv_main.c in Quake3 Arena, as used in ioquake3 before r1762, OpenArena, Tremulous, and other products, allows remote attackers to cause a denial of service (network traffic amplification) via a spoofed (1) getstatus or (2) rcon request.
How to fix CVE-2010-5077
To remediate CVE-2010-5077, upgrade the affected package to a fixed version below.
- Debian/openarena—upgrade to 0.8.5-6 or later
- Debian/openarena—upgrade to 0.8.5-5+squeeze2 or later
Is CVE-2010-5077 being exploited?
Low — EPSS is 2.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.8.5-6
- from 0, < 0.8.5-5+squeeze2