Description
vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a memset call.
Exploits (1)
References (3)
Core 3
Core References
Release Notes x_refsource_misc
https://blog.counter-strike.net/index.php/category/updates/
Exploit, Third Party Advisory x_refsource_confirm
https://github.com/bi7s/CVE/blob/master/CVE-2019-15943/README.md
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/154705/Counter-Strike-Global-Offensive-Code-Execution-Denial-Of-Service.html
Scores
CVSS v3
8.8
EPSS
0.2259
EPSS Percentile
95.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (1)
valvesoftware/counter-strike\
< 1.37.1.1
Published
Sep 19, 2019
Tracked Since
Feb 18, 2026