Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a modified client that asks the server to send data stored at a negative array offset, which is not handled when processing Configstrings and Baselines.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Quake II Server多个安全漏洞
Vulnerability Description
Quake II Server用于互联网上多用户交互式的流行游戏。 Quake II Server在多个阶段没有正确检查用户输入,远程攻击者可以利用这些漏洞获得敏感信息,进行拒绝服务或可能以进程权限执行任意指令。 问题一是数组边界错误: 在处理连接过程中的configstrings和baselines数据缺少充分符号检查,结果可导致越界访问而崩溃。 问题二处理包时存在缓冲区溢出: 在接收到命令包时,服务器对接收字符串长度缺少正确的边界缓冲区检查,可导致缓冲区溢出。通过伪造源地址和UDP包,可能以进程权限在
CVSS Information
N/A
Vulnerability Type
N/A