CVE-2000-0969

critical

Description

Format string vulnerability in Half Life dedicated server build 3104 and earlier allows remote attackers to execute arbitrary commands by injecting format strings into the changelevel command, via the system console or rcon.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/5413

http://www.securityfocus.com/archive/1/141060

http://www.osvdb.org/6983

http://archives.neohapsis.com/archives/bugtraq/2000-10/0409.html

http://archives.neohapsis.com/archives/bugtraq/2000-10/0254.html

Details

Source: Mitre, NVD

Published: 2000-12-19

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.02704