CVE-2019-17180

Description

Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. This could lead to denial of service, elevation of privilege, or unspecified other impact.

How to fix CVE-2019-17180

To remediate CVE-2019-17180, upgrade the affected package to a fixed version below.

• PyPI/steam—upgrade to 2019-09-12 or later

Is CVE-2019-17180 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2019-09-12

References (5)

• ADVISORYhabr.com/ru/company/pm/blog/469507/
• WEBamonitoring.ru/article/steam_vuln_3/
• WEBhackerone.com/reports/583184
• WEBhackerone.com/reports/682774
• WEBstore.steampowered.com/news/54236/