9.8
CVE-2018-20817
- EPSS 2.42%
- Published 19.04.2019 23:29:00
- Last modified 21.11.2024 04:02:14
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
SV_SteamAuthClient in various Activision Infinity Ward Call of Duty games before 2015-08-11 is missing a size check when reading authBlob data into a buffer, which allows one to execute code on the remote target machine when sending a steam authentication request. This affects Call of Duty: Modern Warfare 2, Call of Duty: Modern Warfare 3, Call of Duty: Ghosts, Call of Duty: Advanced Warfare, Call of Duty: Black Ops 1, and Call of Duty: Black Ops 2.
Data is provided by the National Vulnerability Database (NVD)
Activision ≫ Call Of Duty: Advanced Warfare Version-
Activision ≫ Call Of Duty: Black Ops 1 Version-
Activision ≫ Call Of Duty: Blacks Ops 2 Version-
Activision ≫ Call Of Duty: Ghosts Version-
Activision ≫ Call Of Duty: Modern Warfare 2 Version-
Activision ≫ Call Of Duty: Modern Warfare 3 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.42% | 0.846 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.