Vulnerabilities > CVE-2020-7949 - Unspecified vulnerability in Valvesoftware Dota 2 7.23E

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

valvesoftware

exploit available

NVD

Published: 2020-01-27

Updated: 2020-01-27

Summary

schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a GetValue call.

Vulnerable Configurations

Part	Description	Count
Application	Valvesoftware Valvesoftware Dota 2 7.23E	1

Exploit-Db

id	EDB-ID:48031
last seen	2020-02-10
modified	2020-02-10
published	2020-02-10
reporter	Exploit-DB
source	https://www.exploit-db.com/download/48031
title	Dota 2 7.23f - Denial of Service (PoC)

Packetstorm

data source	https://packetstormsecurity.com/files/download/156268/dota2723f-dos.txt
id	PACKETSTORM:156268
last seen	2020-02-11
published	2020-02-09
reporter	Bogdan Kurinnoy
source	https://packetstormsecurity.com/files/156268/Dota-2-7.23f-Denial-Of-Service.html
title	Dota 2 7.23f Denial Of Service

References

https://github.com/bi7s/CVE/tree/master/CVE-2020-7949