PT-2021-19937 · Unknown · Archisteamfarm
Justarchi · Published 2021-07-26 · Updated 2021-08-13 · CVE-2021-32795
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
Name of the Vulnerable Software and Affected Versions: ArchiSteamFarm versions prior to 4.3.1.0
Description: ArchiSteamFarm is a C# application for idling Steam trading cards on multiple accounts simultaneously. A denial-of-service vulnerability exists in versions prior to 4.3.1.0: an attacker can remotely crash a running instance by sending a specifically-crafted Steam chat message to one of its bots. The attacker needs to know the instance's CommandPrefix in advance, but most setups keep the default value, so this is not a meaningful barrier. The attack does not allow the attacker to obtain sensitive information or execute arbitrary commands. The issue is patched in version 4.3.1.0.
Recommendations: Update to version 4.3.1.0 or later. For versions prior to 4.3.1.0, the only workaround that guarantees complete protection is running all bots with OnlineStatus set to 0 (Offline), which makes ArchiSteamFarm ignore the specifically-crafted message instead of attempting to interpret it; bots running in any other online status remain exposed until the update is applied.
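A configuration audit for the workaround above, added here as an example; it is not ArchiSteamFarm's own code and is not part of the original advisory. It assumes the config layout documented for ASF: a global config/ASF.json carrying CommandPrefix (default "!"), and one <BotName>.json per bot carrying Enabled (default false) and OnlineStatus (default 1, Online; 0 is Offline). Given the running version, it reports every enabled bot that is not Offline while the version is below 4.3.1.0, and notes whether the prefix is still the default the advisory says most setups use. The sample config files it writes are constructed for the demonstration and contain no credentials.

```python
"""Audit ArchiSteamFarm config files for exposure to CVE-2021-32795.

Added example, not ASF's own code. Assumed layout (per the ASF config
documentation): config/ASF.json carries the global "CommandPrefix"
(default "!"); each other config/<BotName>.json carries that bot's
"Enabled" (default false) and "OnlineStatus" (default 1 = Online,
0 = Offline).
"""
import json
import tempfile
from pathlib import Path

PATCHED_VERSION = (4, 3, 1, 0)   # first release that fixes the crash
DEFAULT_PREFIX = "!"             # ASF default CommandPrefix
ONLINE_STATUS_OFFLINE = 0        # the only status the advisory calls safe


def parse_version(version: str) -> tuple:
    """Turn '4.3.0.7' into (4, 3, 0, 7) so versions compare numerically."""
    return tuple(int(part) for part in version.strip().split("."))


def is_vulnerable_version(version: str) -> bool:
    """True for any release before 4.3.1.0."""
    return parse_version(version) < PATCHED_VERSION


def load_json(path: Path) -> dict:
    return json.loads(path.read_text(encoding="utf-8"))


def audit(config_dir, version: str) -> list:
    """Return one finding per enabled bot still reachable by the crafted message.

    A bot is exposed when the running version is unpatched and its
    OnlineStatus is anything other than 0 (Offline).
    """
    config_dir = Path(config_dir)
    if not is_vulnerable_version(version):
        return []

    global_path = config_dir / "ASF.json"
    global_cfg = load_json(global_path) if global_path.exists() else {}
    prefix = global_cfg.get("CommandPrefix", DEFAULT_PREFIX)

    findings = []
    for bot_path in sorted(config_dir.glob("*.json")):
        if bot_path.name == "ASF.json":
            continue
        bot_cfg = load_json(bot_path)
        if not bot_cfg.get("Enabled", False):
            continue  # ASF does not start disabled bots
        status = bot_cfg.get("OnlineStatus", 1)
        if status == ONLINE_STATUS_OFFLINE:
            continue  # workaround applied: the message is ignored, not parsed
        findings.append({
            "bot": bot_path.stem,
            "online_status": status,
            "prefix_is_default": prefix == DEFAULT_PREFIX,
        })
    return findings


def write_sample_configs(config_dir: Path) -> None:
    """Write constructed sample configs (no real credentials) for the demo."""
    samples = {
        "ASF.json": {"CommandPrefix": DEFAULT_PREFIX},
        "farmer1.json": {"Enabled": True, "OnlineStatus": 1},   # exposed
        "farmer2.json": {"Enabled": True, "OnlineStatus": 0},   # workaround applied
        "spare.json": {"Enabled": False, "OnlineStatus": 1},    # never started
    }
    for name, content in samples.items():
        (config_dir / name).write_text(json.dumps(content), encoding="utf-8")


def demo() -> tuple:
    """Run the audit over the constructed configs on an unpatched and a patched version."""
    config_dir = Path(tempfile.mkdtemp(prefix="asf-audit-"))
    write_sample_configs(config_dir)
    return audit(config_dir, "4.3.0.7"), audit(config_dir, "4.3.1.0")


if __name__ == "__main__":
    unpatched, patched = demo()
    for finding in unpatched:
        print("exposed bot:", finding)
    print("findings on 4.3.1.0:", patched)
```

Point audit() at a real ASF config directory and the version string reported by the instance to get the same report; only farmer1 is listed in the demo because farmer2 has the Offline workaround and spare is disabled, and nothing is reported once the version is 4.3.1.0 or later.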


Weakness Enumeration

Related Identifiers

CVE-2021-32795
GHSA-5V34-4PRM-9474

Affected Products

Archisteamfarm