CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38312
https://notcve.org/view.php?id=CVE-2023-38312
A directory traversal vulnerability in Valve Counter-Strike 8684 allows a client (with remote control access to a game server) to read arbitrary files from the underlying server via the motdfile console variable. Una vulnerabilidad de cruce de directorio en Valve Counter-Strike 8684 permite a un cliente (con acceso de control remoto a un servidor de juegos) leer archivos arbitrarios del servidor subyacente a través de la variable de consola motdfile. • https://github.com/MikeIsAStar/Counter-Strike-Arbitrary-File-Read • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-35855
https://notcve.org/view.php?id=CVE-2023-35855
A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client's machine by modifying the lservercfgfile console variable. Un desbordamiento de búfer en Counter-Strike a través de 8684 permite a un servidor de juegos ejecutar código arbitrario en la máquina de un cliente remoto modificando la variable de consola "lservercfgfile". • https://github.com/MikeIsAStar/Counter-Strike-Remote-Code-Execution • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30382
https://notcve.org/view.php?id=CVE-2023-30382
A buffer overflow in the component hl.exe of Valve Half-Life up to 5433873 allows attackers to execute arbitrary code and escalate privileges by supplying crafted parameters. • https://labs.jumpsec.com/advisory-cve-2023-30382-half-life-local-privilege-escalation • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 7%CPEs: 1EXPL: 3CVE-2021-30481
https://notcve.org/view.php?id=CVE-2021-30481
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click. Valve Steam hasta el 10-04-2021, cuando un juego del motor de Origen es instalado, permite a usuarios autenticados remotos ejecutar código arbitrario debido a un desbordamiento del búfer que ocurre para una invitación de Steam después de un clic • https://github.com/floesen/CVE-2021-30481 https://news.ycombinator.com/item?id=26762170 https://twitter.com/floesen_/status/1337107178096881666 https://twitter.com/the_secret_club/status/1380868759129296900 https://www.youtube.com/watch?v=rNQn--9xR1Q • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-6017
https://notcve.org/view.php?id=CVE-2020-6017
Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long unreliable segments in function SNP_ReceiveUnreliableSegment() when configured to support plain-text messages, leading to a Heap-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution. Game Networking Sockets de Valve versiones anteriores a v1.2.0, manejan de manera inapropiada segmentos largos y no confiables en la función SNP_ReceiveUnreliableSegment() cuando están configurados para admitir mensajes de texto plano, conllevando a un desbordamiento del búfer en la región heap de la memoria y resultando en una corrupción de la memoria y posiblemente incluso en una ejecución de código remota • https://github.com/ValveSoftware/GameNetworkingSockets/commit/e0c86dcb9139771db3db0cfdb1fb8bef0af19c43 https://research.checkpoint.com/2020/game-on-finding-vulnerabilities-in-valves-steam-sockets • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •