danielmm8888 / TF2Classic

A repo containing the source code for Team Fortress 2 Classic

Security exploit: Hey guess what's on the stack? #254

Closed zxz41 closed 8 years ago

zxz41 commented 8 years ago

Found originally by sigsegv Exploit in TF2Classic

"DebugOverlay::Paint calls Q_vsnprintf with an unsanitized format string parameter, instead of using "%s" as a sane person would do." -sigsegv

Original image of the exploit Exploit in Live TF2

This was patched for LiveTF2, but Valve never updated any other Source-based games with this patch.

PistonMiner commented 8 years ago

Yay, format string exploits aren't extinct! Will fix ASAP, thanks for the report.

PistonMiner commented 8 years ago

Fixed in the next release.
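The bug class described in the report, shown beside the `"%s"` form the quote recommends. This is an added example, not code from TF2Classic or the Source SDK: standard `vsnprintf` stands in for `Q_vsnprintf`, and `draw_text`, `overlay_paint_unsafe` and `overlay_paint_safe` are hypothetical names.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style text helper. The page's
   Q_vsnprintf is replaced by standard vsnprintf (assumption). */
static int draw_text(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable pattern: the overlay text is handed over as the format
   string, so every '%' sequence in it is interpreted as a directive. */
int overlay_paint_unsafe(char *out, size_t outlen, const char *text)
{
    return draw_text(out, outlen, text);
}

/* Hardened pattern: the format is a constant "%s" and the overlay text
   is only ever data, so it is copied through byte for byte. */
int overlay_paint_safe(char *out, size_t outlen, const char *text)
{
    return draw_text(out, outlen, "%s", text);
}

int main(void)
{
    /* Constructed sample: "%%" is a well-defined directive, which makes
       the difference visible without undefined behaviour. */
    const char *text = "health 100%% ok";
    char a[64], b[64];

    overlay_paint_unsafe(a, sizeof a, text);
    overlay_paint_safe(b, sizeof b, text);
    printf("unsafe: %s\n", a);   /* text was parsed as a format */
    printf("safe:   %s\n", b);   /* text preserved exactly */
    return 0;
}
```

If the wrapper is annotated with GCC/Clang's `format(printf, ...)` attribute, building with `-Wformat-security` flags the unsafe call at compile time.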