Closed PistonMiner closed 9 years ago
This and other known security issues have been resolved in the latest SDK update
@Nephyrin, will those security fixes be backported to earlier engine versions (2006 SDK in particular)?
@squeek502 seems extremely unlikely.
This and other known security issues have been resolved in the latest SDK update
Necroposter here. This security vulnerability is also present in the SP branch, at relevant lines starting from https://github.com/ValveSoftware/source-sdk-2013/blob/master/sp/src/public/sentence.cpp#L457 onward based on the Files changed section here.
Was this ever also applied to the SP branch, Nephyrin, or only the MP branch?
This fixes a buffer overflow using malicious sound files. This exploit is currently commonly being used during the current attacks on Source engine games and allows for arbitrary code execution.
Affected mods include but are not limited to:
IMPORTANT: This is by far not the only vulnerability available to these mods. Most vulnerabilities are contained in the Source SDK 2013 Base and are not available in code form. In live games such as TF2 and CS:GO, many of these have been patched. I recommend that these changes are ported immediately.
--PistonMiner