CVE-2018-20817

Опубликовано: 19 апр. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

SV_SteamAuthClient in various Activision Infinity Ward Call of Duty games before 2015-08-11 is missing a size check when reading authBlob data into a buffer, which allows one to execute code on the remote target machine when sending a steam authentication request. This affects Call of Duty: Modern Warfare 2, Call of Duty: Modern Warfare 3, Call of Duty: Ghosts, Call of Duty: Advanced Warfare, Call of Duty: Black Ops 1, and Call of Duty: Black Ops 2.

Ссылки

https://github.com/RektInator/cod-steamauth-rce
Exploit
Third Party Advisory
https://github.com/momo5502/cod-exploits/tree/master/steam-auth
Third Party Advisory
https://github.com/RektInator/cod-steamauth-rce
Exploit
Third Party Advisory
https://github.com/momo5502/cod-exploits/tree/master/steam-auth
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:activision:call_of_duty\:_advanced_warfare:-:*:*:*:*:*:*:*

cpe:2.3:a:activision:call_of_duty\:_black_ops_1:-:*:*:*:*:*:*:*

cpe:2.3:a:activision:call_of_duty\:_blacks_ops_2:-:*:*:*:*:*:*:*

cpe:2.3:a:activision:call_of_duty\:_ghosts:-:*:*:*:*:*:*:*

cpe:2.3:a:activision:call_of_duty\:_modern_warfare_2:-:*:*:*:*:*:*:*

cpe:2.3:a:activision:call_of_duty\:_modern_warfare_3:-:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02359

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-119

Связанные уязвимости

GHSA-jphr-rfwm-72w3