PT-2021-18753 · Valve · Valve Steam+1
Floesen · Published 2021-04-10 · Updated 2025-11-03 · CVE-2021-30481
CVSS v3.1: 9.0 Critical
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Valve Steam through 2021-04-10
Description
The issue allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click when a Source engine game is installed. This is related to a remote code execution (RCE) vulnerability in the Source engine via game invites.
Recommendations
For Valve Steam through 2021-04-10, update to a version released after 2021-04-10 to resolve the issue. As a temporary workaround, consider disabling the functionality related to Steam invites until a patch is available. Restrict access to the vulnerable component of the Source engine to minimize the risk of exploitation. Avoid using the affected feature in the Source engine until the issue is resolved.
Exploit
Fix
Buffer Overflow
Affected Products
Source Engine
Valve Steam