CVE-2017-11721

9.8 CRITICAL

📋 TL;DR

A buffer overflow vulnerability in ioquake3 game servers allows remote attackers to crash the server or potentially execute arbitrary code by sending specially crafted network packets. This affects all ioquake3 servers running versions before the August 2, 2017 patch. Game clients connecting to vulnerable servers are not directly affected.

💻 Affected Systems

Products:
  • ioquake3
  • Quake 3 Arena servers using ioquake3 engine
Versions: All versions before commit d2b1d124d4055c2fcbe5126863487c52fd58cca1 (August 2, 2017)
Operating Systems: Linux, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects game servers, not clients. Any ioquake3 server accepting network connections is vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete server compromise, data theft, or use as an attack platform

🟠 Likely Case: Denial of service through a server crash, disrupting game sessions

🟢 If Mitigated: Limited to DoS if the exploit fails to achieve code execution and the server restarts automatically

🌐 Internet-Facing: HIGH - Game servers are typically internet-facing and accept connections from untrusted clients
🏢 Internal Only: LOW - Internal-only servers would only be vulnerable to internal attackers

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Buffer overflow in packet handling makes exploitation straightforward. Public exploit code exists in security repositories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit d2b1d124d4055c2fcbe5126863487c52fd58cca1 or later

Vendor Advisory: https://github.com/ioquake/ioq3/commit/d2b1d124d4055c2fcbe5126863487c52fd58cca1

Restart Required: Yes

Instructions:

1. Update ioquake3 to the latest version from GitHub.
2. Recompile the server binary.
3. Replace the existing server binary.
4. Restart the game server.

🔧 Temporary Workarounds

Network segmentation (Linux)

Restrict server access to trusted networks only. trusted_network is a placeholder for your own address range; because -A appends, make sure no earlier rule already accepts this traffic.

iptables -A INPUT -p udp --dport 27960 -s trusted_network -j ACCEPT
iptables -A INPUT -p udp --dport 27960 -j DROP

Process isolation (Linux)

Run the server in a container or with minimal privileges (ioquake3-server is a placeholder image name):

docker run --security-opt=no-new-privileges -p 27960:27960/udp ioquake3-server

🧯 If You Can't Patch

  • Implement strict network ACLs to allow only trusted clients
  • Deploy intrusion detection/prevention systems to monitor for exploit attempts

🔍 How to Verify

Check if Vulnerable:

Check the version string embedded in the server binary and compare it with the patched build: strings ioq3ded.x86_64 | grep 'ioquake3'

Check Version:

./ioq3ded.x86_64 +version | grep 'ioquake3'

Verify Fix Applied:

In the source checkout the binary was built from, verify that the history includes commit d2b1d124d4055c2fcbe5126863487c52fd58cca1: git log --oneline | grep d2b1d124

📡 Detection & Monitoring

Log Indicators:

  • Server crash logs
  • Segmentation fault errors in system logs
  • Abnormal disconnection patterns

Network Indicators:

  • Malformed UDP packets to port 27960
  • Large or unusual packet sizes to game server

SIEM Query:

source="*quake*" AND ("segmentation fault" OR "crash" OR "buffer overflow")
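The log indicators above can be checked mechanically rather than by eye. The following is an added example, not code from the advisory or the ioquake3 project: it scans syslog/journald-style lines for ioq3ded segfaults, signal exits and systemd restart counters and returns a summary. The sample lines are constructed, the ioq3ded.service unit name, hostname and addresses are assumptions, and the regular expressions and restart threshold should be tuned to the local logging format.

```python
"""Scan syslog/journal-style lines for ioquake3 server crash indicators.

Added example, not code from the advisory or the ioquake3 project. The
sample lines are constructed to resemble syslog output for an ioq3ded
systemd unit; the unit name and addresses are assumptions.
"""
import re
from collections import Counter

# Constructed sample input (not real captured logs).
SAMPLE_LOG = """\
Aug  3 10:01:12 gamebox kernel: ioq3ded.x86_64[2213]: segfault at 0 ip 0000558123456789 sp 00007ffd0badc0de error 4 in ioq3ded.x86_64[558123400000+1a0000]
Aug  3 10:01:13 gamebox systemd[1]: ioq3ded.service: Main process exited, code=killed, status=11/SEGV
Aug  3 10:01:13 gamebox systemd[1]: ioq3ded.service: Scheduled restart job, restart counter is at 3.
Aug  3 10:05:40 gamebox ioq3ded[2301]: ClientConnect: 0
Aug  3 10:05:41 gamebox ioq3ded[2301]: Player entered the game
Aug  3 10:07:02 gamebox kernel: ioq3ded.x86_64[2301]: segfault at 7f3c00000000 ip 0000558123456789 sp 00007ffd0badc0de error 4 in ioq3ded.x86_64[558123400000+1a0000]
Aug  3 10:07:03 gamebox systemd[1]: ioq3ded.service: Main process exited, code=killed, status=11/SEGV
Aug  3 10:07:03 gamebox systemd[1]: ioq3ded.service: Scheduled restart job, restart counter is at 4.
"""

# Patterns for the log indicators listed in the advisory. The kernel
# segfault line and the systemd exit/restart lines are assumed formats.
SEGFAULT_RE = re.compile(r"\bioq3ded\S*\[\d+\]: segfault at")
SIGNAL_EXIT_RE = re.compile(
    r"ioq3ded\.service: Main process exited, code=killed, status=(\d+)/(\w+)"
)
RESTART_RE = re.compile(r"restart counter is at (\d+)")
IP_RE = re.compile(r" ip ([0-9a-f]+) ")


def scan_log(text, restart_threshold=3):
    """Return a summary dict of crash indicators found in the log text."""
    segfaults = 0
    signal_exits = Counter()
    max_restart = 0
    fault_ips = Counter()
    for line in text.splitlines():
        if SEGFAULT_RE.search(line):
            segfaults += 1
            m = IP_RE.search(line)
            if m:
                fault_ips[m.group(1)] += 1
        m = SIGNAL_EXIT_RE.search(line)
        if m:
            signal_exits[m.group(2)] += 1
        m = RESTART_RE.search(line)
        if m:
            max_restart = max(max_restart, int(m.group(1)))
    # Repeated crashes at the same instruction pointer are what a remotely
    # triggered memory-corruption bug looks like, as opposed to random
    # hardware trouble, so they are flagged separately.
    repeated_ip = any(n > 1 for n in fault_ips.values())
    return {
        "segfaults": segfaults,
        "signal_exits": dict(signal_exits),
        "max_restart_counter": max_restart,
        "repeated_fault_ip": repeated_ip,
        "suspicious": segfaults > 0 or max_restart >= restart_threshold,
    }


if __name__ == "__main__":
    print(scan_log(SAMPLE_LOG))
```

Feed it `journalctl -u ioq3ded.service` or the relevant syslog file; a non-zero segfault count or a restart counter at or above the threshold is the cue to check the binary against the patched commit and to review the UDP traffic reaching port 27960.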
