{"id":"CVE-2017-11721","details":"Buffer overflow in ioquake3 before 2017-08-02 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted packet.","modified":"2026-04-16T04:44:20.701267584Z","published":"2017-08-03T08:29:00.257Z","references":[{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3941"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3948"},{"type":"EVIDENCE","url":"https://github.com/ioquake/ioq3/commit/d2b1d124d4055c2fcbe5126863487c52fd58cca1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ioquake/ioq3","events":[{"introduced":"0"},{"fixed":"d2b1d124d4055c2fcbe5126863487c52fd58cca1"}]},{"type":"GIT","repo":"https://github.com/ioquake/ioq3","events":[{"introduced":"0"},{"fixed":"d2b1d124d4055c2fcbe5126863487c52fd58cca1"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-11721.json","vanir_signatures":[{"signature_type":"Line","target":{"file":"code/qcommon/huffman.c"},"source":"https://github.com/ioquake/ioq3/commit/d2b1d124d4055c2fcbe5126863487c52fd58cca1","digest":{"line_hashes":["273675049482217282011764300975962709221","260363655854620018737461737428859245059","248809194994517561377984245496647965889","223783748417597678315217778139396246138","291056212978569621216334190452423436899","56518896777264980858464507148163477255","250216768125813912779021239909572250431","148142972476848793530886067541877703143","181632729373489649138231761604901592376","27084259474904435244191872229397865335","176952915268484892476411057351062982543","136093005578492572009508190112743980622","308588218879448898047485220342830141617","47448684210524220912507152695641150568","312236742021274261964236527740442992838","181642763795764359563104289810217709927","258540257331425750263685206347201823664","249122941730455733667763017703691515665","162986154633948829594364551196873015672","316564957691932771997936023245465644294","220048655918362308483318757552501380956","235602223398341778482108830979591170232","12652589936325615213714427182897805468","267935535441112433516683633552127268638","2564117735441742023314324242037917623","146124983625758762683393391037048645724","110358608265721049835878303911546491464","133065761066935609475186374787802324080","313145594816286486988364548856094190446","84461161367069798413241096936775694456","286013046711966811805039929374837315305","121023327315590014945376517100578053419","8726272550064164565738485660996195414","185378223315563052707302290796484102005","14004759802832970840426135120728253562"],"threshold":0.9},"id":"CVE-2017-11721-01dec518","signature_version":"v1","deprecated":false},{"signature_type":"Function","target":{"file":"code/qcommon/huffman.c","function":"Huff_offsetTransmit"},"source":"https://github.com/ioquake/ioq3/commit/d2b1d124d4055c2fcbe5126863487c52fd58cca1","digest":{"length":169,"function_hash":"288296911384423761869440398372326897352"},"id":"CVE-2017-11721-0dab3def","signature_version":"v1","deprecated":false},{"signature_type":"Function","signature_version":"v1","source":"https://github.com/ioquake/ioq3/commit/d2b1d124d4055c2fcbe5126863487c52fd58cca1","digest":{"length":317,"function_hash":"145431511111229392890823537581088642917"},"id":"CVE-2017-11721-256e0b52","deprecated":false,"target":{"file":"code/qcommon/huffman.c","function":"Huff_transmit"}},{"signature_type":"Function","target":{"file":"code/qcommon/msg.c","function":"MSG_WriteBits"},"source":"https://github.com/ioquake/ioq3/commit/d2b1d124d4055c2fcbe5126863487c52fd58cca1","digest":{"length":1305,"function_hash":"50000722196881991073282473929632783827"},"id":"CVE-2017-11721-3526628e","signature_version":"v1","deprecated":false},{"signature_type":"Function","signature_version":"v1","target":{"file":"code/qcommon/msg.c","function":"MSG_ReadBits"},"digest":{"length":1235,"function_hash":"336227841858806565720874499510136001047"},"id":"CVE-2017-11721-3fc3ea56","deprecated":false,"source":"https://github.com/ioquake/ioq3/commit/d2b1d124d4055c2fcbe5126863487c52fd58cca1"},{"signature_type":"Line","signature_version":"v1","source":"https://github.com/ioquake/ioq3/commit/d2b1d124d4055c2fcbe5126863487c52fd58cca1","digest":{"line_hashes":["90129190901230474959071768282874723207","40770869957554694585870319684188947040","138341074871295741117551323686779272066","114478863047864540266920382125033312074","332531803524834603425288559641873969765","313760097287224323186791523419635017375"],"threshold":0.9},"id":"CVE-2017-11721-8e69505f","deprecated":false,"target":{"file":"code/qcommon/qcommon.h"}},{"signature_type":"Function","target":{"file":"code/qcommon/huffman.c","function":"Huff_Compress"},"source":"https://github.com/ioquake/ioq3/commit/d2b1d124d4055c2fcbe5126863487c52fd58cca1","digest":{"length":841,"function_hash":"282705390258347243078549835266779186632"},"id":"CVE-2017-11721-93f21ea4","signature_version":"v1","deprecated":false},{"signature_type":"Line","target":{"file":"code/qcommon/msg.c"},"source":"https://github.com/ioquake/ioq3/commit/d2b1d124d4055c2fcbe5126863487c52fd58cca1","digest":{"line_hashes":["216434185838058150504002545386495747639","329540919735365829325551850398953652241","198556345282584633783274224479263170111","240607365455979424039255042866147711204","50612196512769599394939481424907847817","182170577826312463466351747672208019421","111771121697559981274571689420275229568","96177127288031418560469593984234076337","245910316896117696558327047538755977367","115870604365819593693141022179501747841","28887222475733387668278258907332436945","80035873937891202070009348297567908368","74764734517677362163104703090556844995","228311278547464453342127982146664695658","30133312228422213380460460723942089712","126298908723613418696065284931978694993","9166235807927816929142604063798332150","127863838576124477299360174190061064632","107259410086808535954236784175814547050","321196978175232136587442738967121329448","159672417539953732280918222841687855955","228091645711026611142182582889886151455","29377196293369369083376958398014172490","195846206914863738717216534818008358397","105099883964764991573582733122127431290","253168493676297310222301794308690673414","324863981638471782464690285000029992754","167947331261202617657799057784876416755","74927838182280750452535391914326158244","306080753429637918127966118519509188488","181487624899723536709689148736706124937","305137437608757125345525682141847296605","199075508110150086940441211486637575817","27506543470565857610639976269088208355"],"threshold":0.9},"id":"CVE-2017-11721-b657e61b","signature_version":"v1","deprecated":false},{"signature_type":"Function","target":{"file":"code/qcommon/huffman.c","function":"send"},"source":"https://github.com/ioquake/ioq3/commit/d2b1d124d4055c2fcbe5126863487c52fd58cca1","digest":{"length":260,"function_hash":"151704885229247712111065829759924293777"},"id":"CVE-2017-11721-e4557298","signature_version":"v1","deprecated":false},{"signature_type":"Function","target":{"file":"code/qcommon/huffman.c","function":"Huff_offsetReceive"},"source":"https://github.com/ioquake/ioq3/commit/d2b1d124d4055c2fcbe5126863487c52fd58cca1","digest":{"length":332,"function_hash":"93779520416397399629672495232215646587"},"id":"CVE-2017-11721-f8858621","signature_version":"v1","deprecated":false}],"vanir_signatures_modified":"2026-04-11T04:38:04Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2017-07-31"}]},{"events":[{"introduced":"ioquake3"},{"fixed":"2017-08-02"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}