17 matches found
Valve: Buffer overrun in Steam SILK voice decoder
Vulnerability The SteamWorks SDK has a function available named DecompressVoice, which takes as input some compressed voice data, and returns the raw audio data. The format for the input voice data is as follows: 8 bytes - steamid 1 byte - payload type 2 bytes - payload size 4 bytes - CRC checksu...
Valve: CS:GO Server -> Client RCE through OOB access in CSVCMsg_SplitScreen + Info leak in HTTP download
Title: CS:GO Server -> Client RCE through OOB access in CSVCMsg_SplitScreen + Info leak in HTTP download Scope: csgo.exe Weakness: Out-of-bounds Read Severity: Critical 9.6 Link: https://hackerone.com/reports/1070835 Date: 2021-01-04 00:22:02 +0000 By: @simonscannell Details: We managed to write an...
Fedora 33 : mumble (2020-f869e01557)
Mumble 1.3.2. === Client - Fixed: Overlay not starting 4282 Server - Fixed: keychain-error on macOS for custom certificates 4345 Known issues - Overlay blocked by BattleEye. A request to whitelist it has been made. - Overlay blocked by CS:GO Trusted Mode Note that Tenable Network Security has...
Fedora 32 : mumble (2020-8372f6bae4)
Mumble 1.3.2. === Client - Fixed: Overlay not starting 4282 Server - Fixed: keychain-error on macOS for custom certificates 4345 Known issues - Overlay blocked by BattleEye. A request to whitelist it has been made. - Overlay blocked by CS:GO Trusted Mode Note that Tenable Network Security has...
Fedora 31 : mumble (2020-ca26a3f832)
Mumble 1.3.2. === Client - Fixed: Overlay not starting 4282 Server - Fixed: keychain-error on macOS for custom certificates 4345 Known issues - Overlay blocked by BattleEye. A request to whitelist it has been made. - Overlay blocked by CS:GO Trusted Mode Note that Tenable Network Security has...
Valve: Signedness issue in ClassInfo message handler leads to RCE on CS:GO client
Title: Signedness issue in ClassInfo message handler leads to RCE on CS:GO client Scope: csgo.exe Weakness: Array Index Underflow Severity: Critical 9.6 Link: https://hackerone.com/reports/876719 Date: 2020-05-17 20:31:35 +0000 By: @chaynik Details: Vulnerability ------------- CSVCMsgClassInfo...
Source Engine CS:GO BuildID: 4937372 - Arbitrary Code Execution
Exploit Title: Source Engine CS:GO BuildID: 4937372 - Arbitrary Code Execution Date: 2020-04-27 Exploit Author: 0xEmma/BugByte/SebastianPC Vendor Homepage: https://www.valvesoftware.com/en/ Version: Source Engine, Tested on CS:GO BuildID: 4937372 TF2 BuildID: 4871679 Garry's Mod BuildID: 4803834...
Source Engine CS:GO Build 4937372 Arbitrary Code Execution
Exploit Title: Source Engine CS:GO BuildID: 4937372 - Arbitrary Code Execution Date: 2020-04-27 Exploit Author: 0xEmma/BugByte/SebastianPC Vendor Homepage: https://www.valvesoftware.com/en/ Version: Source Engine, Tested on CS:GO BuildID: 4937372 TF2 BuildID: 4871679 Garry's Mod BuildID: 4803834...
Valve Confirms CS:GO, Team Fortress 2 Source-Code Leak
The discovery of leaked source code for two popular games – Counter-Strike: Global Offensive (CS:GO) and Team Fortress 2 – has led to security concerns and even calls for gamers to uninstall the software from their computers. The developer and publisher of the two games, Valve, is downplaying the...
CS:GO & Team Fortress 2 source code leaked – Virus alert for TF2
By Waqas. The source code for Counter-Strike Global Offensive (CS:GO) and Team Fortress 2 (TF2) has been leaked. This is a post from HackRead.com. Read the original post: CS:GO & Team Fortress 2 source code leaked - Virus alert for TF2...
Valve: OOB reads in network message handlers leads to RCE
Vulnerability In Source engine games there are many network messages sent from the server to the client that take an entity index. There is a common pattern among many of these messages for the lower bounds of the entity index to be checked but not the upper bounds. In many cases these out of bou...
CVE-2019-15944
In Counter-Strike: Global Offensive before 8/29/2019, community game servers can display unsafe HTML in a disconnection message...
Valve: RCE on CS:GO client using unsanitized entity ID in EntityMsg message
Title: RCE on CS:GO client using unsanitized entity ID in EntityMsg message Scope: csgo.exe Weakness: Out-of-bounds Read Severity: Critical 9.6 Link: https://hackerone.com/reports/584603 Date: 2019-05-19 17:49:21 +0000 By: @chaynik Details: Vulnerability ------------- CSVCMsgEntityMsg message is...
Valve: [CS:GO] Unchecked texture file name with TEXTUREFLAGS_DEPTHRENDERTARGET can lead to Remote Code Execution
Title: [CS:GO] Unchecked texture file name with TEXTUREFLAGS_DEPTHRENDERTARGET can lead to Remote Code Execution Scope: csgo.exe Weakness: Stack Overflow Severity: High 8.0 Link: https://hackerone.com/reports/550625 Date: 2019-04-29 17:52:46 +0000 By: @nyancat0131 Details: Summary A texture with lon...
Valve: [Source Engine] Material path truncation leads to Remote Code Execution
Title: [Source Engine] Material path truncation leads to Remote Code Execution Scope: .exe Weakness: Improper Input Validation Severity: High 7.1 Link: https://hackerone.com/reports/544096 Date: 2019-04-20 12:18:09 +0000 By: @nyancat0131 Details: Summary The handler of matcrosshairedit command...
Valve: Specially Crafted Closed Captions File can lead to Remote Code Execution in CS:GO and other Source Games
With a specially crafted closed captions file, the parser calls CHudCloseCaption::GetNoRepeatValue which in turn calls CHudCloseCaption::SplitCommand which has no boundary checks allowing the on stack variables cmd and args to be overflowed which in turn allows Remote Code Execution. Buffer...
Valve: Malformed .BSP Access Violation in CS:GO can lead to Remote Code Execution
A malformed .BSP can trigger an Access Violation on CS:GO that can lead to arbitrary code execution on a remote computer. I have attached a copy of the malformed .BSP which reliably triggers an Access Violation on CS:GO. Impact An attacker hosting a malicious server could compromise a remote clie...