Buffer overflow in Valve Software Source Sdk (Source-sdk-2013)
CVE-2017-20205
The ragdoll model parsing logic in Valve's Source SDK (source-sdk-2013) contains a stack-based buffer overflow vulnerability. The tokenizer function `nexttoken` copies characters from an input string into a fixed-size stack buffer without perfor…
Vulnerability class: Buffer Overflow
EPSS: 0.006 (45.7th percentile)
Affected products
- Valve Software Source Sdk (Source-sdk-2013) — versions source-sdk-2013
Weakness classification (CWE)
References
- disclosure@vulncheck.com (technical-description, patch)
- disclosure@vulncheck.com (product)
- disclosure@vulncheck.com (third-party-advisory)