Absolute path traversal vulnerability in Quake II server before R1Q2 on Linux, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a download command with a full pathname for a directory in the argument, which causes the server to crash when it cannot read data.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Quake_ii_server_linux | Id_software | 3.20 (including) | 3.20 (including) |
Quake_ii_server_linux | Id_software | 3.21 (including) | 3.21 (including) |