9.8
CVE-2018-20817
- EPSS 2.42%
- Veröffentlicht 19.04.2019 23:29:00
- Zuletzt bearbeitet 21.11.2024 04:02:14
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
SV_SteamAuthClient in various Activision Infinity Ward Call of Duty games before 2015-08-11 is missing a size check when reading authBlob data into a buffer, which allows one to execute code on the remote target machine when sending a steam authentication request. This affects Call of Duty: Modern Warfare 2, Call of Duty: Modern Warfare 3, Call of Duty: Ghosts, Call of Duty: Advanced Warfare, Call of Duty: Black Ops 1, and Call of Duty: Black Ops 2.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Activision ≫ Call Of Duty: Advanced Warfare Version-
Activision ≫ Call Of Duty: Black Ops 1 Version-
Activision ≫ Call Of Duty: Blacks Ops 2 Version-
Activision ≫ Call Of Duty: Ghosts Version-
Activision ≫ Call Of Duty: Modern Warfare 2 Version-
Activision ≫ Call Of Duty: Modern Warfare 3 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.42% | 0.846 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.