Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
A buffer overflow scenario can be created within cmd.c. The cmd_args variable within the char *Cmd_Args function is vulnerable to this attack.
cmd_args
char *Cmd_Args
The cmd_args variable assigns all the arguments within argv to a single variable, space delimited.
Quake3e/code/qcommon/cmd.c
Line 421 in 4660de6
This variable has allotted 1024 bytes for characters as displayed below:
Quake3e/code/qcommon/q_shared.h
Line 221 in 41aef4a
If we provide arguments with length > 2000, this variable should overflow and cause a crash.
The text was updated successfully, but these errors were encountered:
Fixed potential buffer overflows in Cmd_Args() and Cmd_TokenizeString…
fea3c41
…2() functions, addressed in https://github.com/ec-/Quake3e/issues/9
@prodigysml thank you for report, it helped to discover other related flaws
Sorry, something went wrong.
No branches or pull requests
A buffer overflow scenario can be created within cmd.c. The
cmd_argsvariable within thechar *Cmd_Argsfunction is vulnerable to this attack.The
cmd_argsvariable assigns all the arguments within argv to a single variable, space delimited.Quake3e/code/qcommon/cmd.c
Line 421 in 4660de6
This variable has allotted 1024 bytes for characters as displayed below:
Quake3e/code/qcommon/q_shared.h
Line 221 in 41aef4a
If we provide arguments with length > 2000, this variable should overflow and cause a crash.
The text was updated successfully, but these errors were encountered: