CVE-1999-1502
CVE-1999-1502 is a high-severity vulnerability in Id Software Quake with a CVSS 2.0 base score of 7.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: High (CVSS 2.0 base score 7.5)
- EPSS exploit prediction: 2% (78th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Id Software Quake
- Published:
- Last modified:
Description
Buffer overflows in Quake 1.9 client allows remote malicious servers to execute arbitrary commands via long (1) precache paths, (2) server name, (3) server address, or (4) argument to the map console command.
Frequently asked questions
- What is CVE-1999-1502?
- Buffer overflows in Quake 1.9 client allows remote malicious servers to execute arbitrary commands via long (1) precache paths, (2) server name, (3) server address, or (4) argument to the map console command.
- How severe is CVE-1999-1502?
- CVE-1999-1502 has a CVSS 2.0 base score of 7.5, rated high severity.
- Is CVE-1999-1502 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (78th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-1999-1502?
- CVE-1999-1502 affects Id Software Quake. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-1999-1502?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-1999-1502 published?
- CVE-1999-1502 was published on 1998-04-08 and last updated on 2026-06-16.
References
- http://marc.info/?l=bugtraq&m=89205623028934&w=2
- http://www.securityfocus.com/bid/68
- http://www.securityfocus.com/bid/69
Affected products (1)
- cpe:2.3:a:id_software:quake:1.9:*:*:*:*:*:*:*
More vulnerabilities in Id Software Quake
- CVE-1999-1569 — Medium (CVSS 5.0): Quake 1 and NetQuake servers allow remote attackers to cause a denial of service (resource exhaustion or forced…
- CVE-2000-1080 — Medium (CVSS 5.0): Quake 1 (quake1) and ProQuake 1.01 and earlier allow remote attackers to cause a denial of service via a malformed…