CVE-2017-11721

Published: 03 August 2017

Buffer overflow in ioquake3 before 2017-08-02 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted packet.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
ioquake3
Launchpad, Ubuntu, Debian
Upstream
Released (1.36+u20170803+dfsg1-1)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(1.36+u20170803+dfsg1-1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(1.36+u20170803+dfsg1-1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(1.36+u20170803+dfsg1-1)
Ubuntu 16.04 LTS (Xenial Xerus) Needed

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)
Patches:
Upstream: https://github.com/ioquake/ioq3/commit/d2b1d124d4055c2fcbe5126863487c52fd58cca1
iortcw
Launchpad, Ubuntu, Debian
Upstream
Released (1.51+dfsg1-3)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(1.51+dfsg1-3)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(1.51+dfsg1-3)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(1.51+dfsg1-3)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Upstream: https://github.com/iortcw/iortcw/commit/260c39a29af517a08b3ee1a0e78ad654bdd70934