Vulnerabilities > CVE-2020-9005 - Out-of-bounds Write vulnerability in Valvesoftware Dota 2 20200217/7.23E/7.23F

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
valvesoftware
CWE-787

Summary

meshsystem.dll in Valve Dota 2 through 2020-02-17 allows remote attackers to achieve code execution or denial of service by creating a gaming server with a crafted map, and inviting a victim to this server. A GetValue call is mishandled.

Vulnerable Configurations

Part Description Count
Application
Valvesoftware
3

Common Weakness Enumeration (CWE)