PYSEC-2019-55

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/steam/PYSEC-2019-55.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2019-55

Withdrawn

2023-03-14T07:01:09.361872Z

Published

2019-10-04T20:15:00Z

Modified

2023-03-14T07:01:09.361872Z

Summary

[none]

Details

Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. This could lead to denial of service, elevation of privilege, or unspecified other impact.

References

https://habr.com/ru/company/pm/blog/469507/
https://amonitoring.ru/article/steam_vuln_3/
https://hackerone.com/reports/682774
https://store.steampowered.com/news/54236/
https://hackerone.com/reports/583184

Affected packages

PyPI / steam

Package

Name: steam; View open source insights on deps.dev
Purl: pkg:pypi/steam

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2019-09-12

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/steam/PYSEC-2019-55.yaml"