CVE-2019-15943

moderate-risk
Published 2019-09-19

vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a memset call.

Do I need to act?

!
22.6% chance of exploitation in next 30 days
EPSS score — higher than 77% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
47454
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Valvesoftware

References (6)

http://packetstormsecurity.com/files/154705/Counter-Strike-Global-Offensive-Code...
Release Notes https://blog.counter-strike.net/index.php/category/updates/
Exploit https://github.com/bi7s/CVE/blob/master/CVE-2019-15943/README.md
http://packetstormsecurity.com/files/154705/Counter-Strike-Global-Offensive-Code...
Release Notes https://blog.counter-strike.net/index.php/category/updates/
Exploit https://github.com/bi7s/CVE/blob/master/CVE-2019-15943/README.md
49
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 14/34 · Moderate
Exposure 5/34 · Minimal