Runningbon

**Name of the Vulnerable Software and Affected Versions** Quake 3 Engine versions as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 **Description** The issue is a stack-based buffer overflow in the `CG ServerCommand` function. This allows remote attackers to cause a denial of service and possibly execute code by sending a long command from the server. **Recommendations** For Quake 3 Engine versions as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03, consider restricting access to the `CG ServerCommand` function until a patch is available. As a temporary workaround, avoid using long commands from the server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Quake 3: Arena versions 1.32b through 1.32c **Description** The issue is a stack-based buffer overflow in the Quake 3 Engine, which can be exploited by remote attackers to cause a denial of service and potentially execute code. This is achieved by sending long CS ITEMS values. **Recommendations** For Quake 3: Arena versions 1.32b through 1.32c, consider restricting access to the game server to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using long CS ITEMS values in the game. At the moment, there is no information about a newer version that contains a fix for this issue.