PT-2025-42216 · Valve · Source Sdk
Published 2025-10-15 · Updated 2025-10-15
CVE-2017-20205
CVSS v4.0: 9.2 (Critical)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Valve's Source SDK (source-sdk-2013) (affected versions not specified)
Description
The ragdoll model parsing logic in Valve's Source SDK (source-sdk-2013) contains a stack-based buffer overflow. The nexttoken function copies characters from an input string into a fixed-size stack buffer without bounds checking. When the ParseKeyValue function processes a collisionpair rule exceeding the destination buffer size of 256 bytes, an overflow of the szToken stack buffer can occur, potentially overwriting the function return address. An attacker can trigger this by providing a specially crafted ragdoll model, leading to remote code execution on affected clients or servers.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
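For code derived from source-sdk-2013, the missing bounds check from the description can be expressed as a tokenizer that takes the destination capacity and rejects oversized tokens. The following is an added example, not Valve's code or a published patch; `next_token_bounded`, `parse_collision_pair`, `TOKEN_MAX` and the "first,second" rule format are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define TOKEN_MAX 256 /* destination buffer size stated in the advisory */

/* Copy one token from `in` (up to `sep` or NUL) into `out` of capacity `cap`.
 * Returns a pointer past the token, or NULL when the token does not fit. */
static const char *next_token_bounded(const char *in, char sep,
                                      char *out, size_t cap)
{
    size_t n = 0;
    if (cap == 0)
        return NULL;
    while (*in != '\0' && *in != sep) {
        if (n + 1 >= cap) { /* keep one byte for the terminator */
            out[0] = '\0';
            return NULL;    /* reject instead of truncating or overflowing */
        }
        out[n++] = *in++;
    }
    out[n] = '\0';
    return (*in == sep) ? in + 1 : in;
}

/* Assumed rule format "first,second". Returns 0 if both parts fit, else -1. */
static int parse_collision_pair(const char *value, char *a, char *b, size_t cap)
{
    const char *rest = next_token_bounded(value, ',', a, cap);
    if (rest == NULL)
        return -1;
    if (next_token_bounded(rest, ',', b, cap) == NULL)
        return -1;
    return (a[0] != '\0' && b[0] != '\0') ? 0 : -1;
}

int main(void)
{
    char a[TOKEN_MAX], b[TOKEN_MAX];
    char oversized[1024]; /* constructed input: 1023 bytes, no separator */

    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';

    printf("short rule: %d\n", parse_collision_pair("3,7", a, b, sizeof a));
    printf("oversized rule: %d\n", parse_collision_pair(oversized, a, b, sizeof a));
    return 0;
}
```

Rejecting the whole rule on an oversized token, rather than silently truncating it, keeps a malformed model from being partially loaded.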
RCE
Stack Overflow
Affected Products
Source Sdk