CVE-2019-15943

Опубликовано: 19 сент. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Средний

Описание

vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a memset call.

Ссылки

http://packetstormsecurity.com/files/154705/Counter-Strike-Global-Offensive-Code-Execution-Denial-Of-Service.html
https://blog.counter-strike.net/index.php/category/updates/
Release Notes
https://github.com/bi7s/CVE/blob/master/CVE-2019-15943/README.md
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/154705/Counter-Strike-Global-Offensive-Code-Execution-Denial-Of-Service.html
https://blog.counter-strike.net/index.php/category/updates/
Release Notes
https://github.com/bi7s/CVE/blob/master/CVE-2019-15943/README.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:valvesoftware:counter-strike\:_global_offensive:*:*:*:*:*:*:*:*

Версия до 1.37.1.1 (исключая)

EPSS

Процентиль: 96%

0.22594

Средний

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

GHSA-fmqv-rmp8-gm2p

github

больше 3 лет назад