CVE-2021-30481

Name
CVE-2021-30481
Description
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
NVD Severity
high
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Exploit https://www.youtube.com/watch?v=rNQn--9xR1Q
Issue Tracking https://news.ycombinator.com/item?id=26762170
Exploit https://twitter.com/the_secret_club/status/1380868759129296900
Third Party Advisory https://twitter.com/floesen_/status/1337107178096881666

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:valvesoftware:steam:*:*:*:*:*:*:*:* steam >= None <= 2021-04-10
cpe:2.3:a:valvesoftware:steam_client:*:*:*:*:*:*:*:* steam_client >= None <= 2021-04-10

Vulnerable and fixed packages

Source package Branch Version Maintainer Status