Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Valve Source SDK Stack-Based Buffer Overflow RCE
Vulnerability Description
Valve's Source SDK (source-sdk-2013)'s ragdoll model parsing logic contains a stack-based buffer overflow vulnerability.The tokenizer function `nexttoken` copies characters from an input string into a fixed-size stack buffer without performing bounds checks. When `ParseKeyValue` processes a collisionpair rule longer than the destination buffer (256 bytes), an overflow of the stack buffer `szToken` can occur and overwrite the function return address. A remote attacker can trigger the vulnerable code by supplying a specially crafted ragdoll model which causes the oversized collisionpair rule to be parsed, resulting in remote code execution on affected clients or servers. Valve has addressed this issue in many of their Source games, but independently-developed games must manually apply patch.
CVSS Information
N/A
Vulnerability Type
栈缓冲区溢出
Vulnerability Title
Source SDK 安全漏洞
Vulnerability Description
Source SDK是Valve Software开源的一个电脑游戏。 Source SDK存在安全漏洞,该漏洞源于ragdoll模型解析逻辑中存在基于栈的缓冲区溢出,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A