CyberSec.Space Logo
Back to CVE Browser

CVE-2000-0969

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1390%
EPSS Percentile27.41th
PublishedDec 19, 2000
Last ModifiedApr 16, 2026

Vulnerability Description

Format string vulnerability in Half Life dedicated server build 3104 and earlier allows remote attackers to execute arbitrary commands by injecting format strings into the changelevel command, via the system console or rcon.

Affected Platforms (CPE)

πŸ“¦
Valve Software

Half Life Dedicated Server

= 3.1.3

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/bugtraq/2000-10/0254.html
πŸ”— http://archives.neohapsis.com/archives/bugtraq/2000-10/0409.html
πŸ”— http://www.osvdb.org/6983
πŸ”— http://www.securityfocus.com/archive/1/141060
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/5413
πŸ”— http://archives.neohapsis.com/archives/bugtraq/2000-10/0254.html
πŸ”— http://archives.neohapsis.com/archives/bugtraq/2000-10/0409.html
πŸ”— http://www.osvdb.org/6983

Related Vulnerabilities

CVE-2000-096810.0

Buffer overflow in Half Life dedicated server before build 3104 allows remote attackers to execute arbitrary commands via a long r...

CVE-2003-13255.2

The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated Server 1.1.1.0 and earlier allows remote auth...

CVE-2007-54774.3

Cross-site scripting (XSS) vulnerability in auth.w in djeyl.net WebMod 0.48 Half-Life Dedicated Server plugin allows remote attack...

CVE-2006-07344.0

The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated Server 1.6 and earlier allows remote authenti...