PT-2023-10637 · Cksurf · Cksurf
Nikooo777
·
Publicado
2023-08-28
·
Atualizado
2024-08-05
·
CVE-2017-20186
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
nikooo777 ckSurf versions 1.19.2 and earlier
Description
A vulnerability was found in the function
SpecListMenuDead of the file csgo/addons/sourcemod/scripting/ckSurf/misc.sp of the component Spectator List Name Handler. The manipulation of the argument cleanName leads to denial of service. This issue only affects products that are no longer supported by the maintainer.Recommendations
To address this issue, upgrade to version 1.21.0. As a temporary workaround, consider restricting the manipulation of the
cleanName argument in the SpecListMenuDead function until the upgrade is applied.Correção
Improper Resource Release
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cksurf