CVE-2020-7949

HIGH

Valve Dota 2 <7.23f - RCE/DoS

Title source: llm

Description

schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a GetValue call.

Exploits (1)

exploitdb WORKING POC

by Bogdan Kurinnoy · textdoswindows

https://www.exploit-db.com/exploits/48031

View Code ZIP pw:eip

References (1)

[Third Party Advisory] https://github.com/bi7s/CVE/tree/master/CVE-2020-7949

Scores

CVSS v3 7.8

EPSS 0.0997

EPSS Percentile 93.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Status published

Products (1)

valvesoftware/dota_2 < 7.23f

Published Jan 27, 2020

Tracked Since Feb 18, 2026