CVE-2018-20817

Name: CVE-2018-20817
Creator: NVD / NIST
Published: 2019-04-19T23:29:00.303+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.63%

Last modified Jun 17, 2026

CVE-2018-20817 is a vulnerability of currently unknown severity. SV_SteamAuthClient in various Activision Infinity Ward Call of Duty games before 2015-08-11 is missing a size check when reading authBlob data into a buffer, which allows one to execute code on the remote target machine when sending a steam authentication request. This affects Call of Duty: Modern Warfare 2, Call of Duty: Modern Warfare 3, Call of Duty: Ghosts, Call of Duty: Advanced Warfare, Call of Duty: Black Ops 1, and Call of Duty: Black Ops 2.. EPSS estimates a 3.63% chance of exploitation in the next 30 days.

Description

SV_SteamAuthClient in various Activision Infinity Ward Call of Duty games before 2015-08-11 is missing a size check when reading authBlob data into a buffer, which allows one to execute code on the remote target machine when sending a steam authentication request. This affects Call of Duty: Modern Warfare 2, Call of Duty: Modern Warfare 3, Call of Duty: Ghosts, Call of Duty: Advanced Warfare, Call of Duty: Black Ops 1, and Call of Duty: Black Ops 2.

Metrics

EPSS Probability

3.63%

88.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions
Activision	Call Of Duty\	_advanced_warfare
Activision	Call Of Duty\	_black_ops_1
Activision	Call Of Duty\	_blacks_ops_2
Activision	Call Of Duty\	_ghosts
Activision	Call Of Duty\	_modern_warfare_2
Activision	Call Of Duty\	_modern_warfare_3

References

https://github.com/RektInator/cod-steamauth-rceExploit, Third Party Advisory
https://github.com/momo5502/cod-exploits/tree/master/steam-authThird Party Advisory
https://github.com/RektInator/cod-steamauth-rceExploit, Third Party Advisory
https://github.com/momo5502/cod-exploits/tree/master/steam-authThird Party Advisory

Timeline

Published: Apr 19, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-20817?

How severe is CVE-2018-20817?

Severity scoring for CVE-2018-20817 is pending analysis. The EPSS model estimates a 3.63% probability of exploitation in the next 30 days.

How do I fix CVE-2018-20817?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-20817?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST