Summaryinfo

A vulnerability, which was classified as critical, was found in Valve Dota 2 up to 2020-02-17. This affects the function GetValue in the library meshsystem.dll. The manipulation leads to input validation. This vulnerability is uniquely identified as CVE-2020-9005. It is possible to initiate the attack remotely. There is no exploit available. If you want to get best quality of vulnerability data, you may have to visit VulDB.

Detailsinfo

A vulnerability, which was classified as critical, has been found in Valve Dota 2 up to 2020-02-17. Affected by this issue is the function GetValue in the library meshsystem.dll. The manipulation with an unknown input leads to a input validation vulnerability. Using CWE to declare the problem leads to CWE-20. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Impacted is confidentiality, integrity, and availability. CVE summarizes:

meshsystem.dll in Valve Dota 2 through 2020-02-17 allows remote attackers to achieve code execution or denial of service by creating a gaming server with a crafted map, and inviting a victim to this server. A GetValue call is mishandled.

The weakness was disclosed 02/17/2020. This vulnerability is handled as CVE-2020-9005 since 02/16/2020. The attack may be launched remotely. No form of authentication is required for exploitation. Technical details are known, but there is no available exploit.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Vendor

• Valve

Name

• Dota 2

Version

• 2020-02-17

License

• commercial

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion