CVE-2018-20817
Severity CVSS v4.0:
Pending analysis
Type:
CWE-119
Buffer Errors
Publication date:
19/04/2019
Last modified:
22/04/2019
Description
SV_SteamAuthClient in various Activision Infinity Ward Call of Duty games before 2015-08-11 is missing a size check when reading authBlob data into a buffer, which allows one to execute code on the remote target machine when sending a steam authentication request. This affects Call of Duty: Modern Warfare 2, Call of Duty: Modern Warfare 3, Call of Duty: Ghosts, Call of Duty: Advanced Warfare, Call of Duty: Black Ops 1, and Call of Duty: Black Ops 2.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:activision:call_of_duty\:_advanced_warfare:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:activision:call_of_duty\:_black_ops_1:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:activision:call_of_duty\:_blacks_ops_2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:activision:call_of_duty\:_ghosts:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:activision:call_of_duty\:_modern_warfare_2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:activision:call_of_duty\:_modern_warfare_3:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page