Valve


59 total issues disclosed

$247,850 total paid publicly


Most disclosed (13 disclosures) — Classic Buffer Overflow

View disclosed reports



Disclosed Reports


Report Title Vulnerability Type Disclosed By Severity Disclosed on
Access to microtransaction sales data for lots of apps from 2014 to present at /valvefinance/sanity/ Improper Access Control - Generic njbooher Critical 2021-09-21
Big Picture web browser leaks login cookies and discloses sensitive information (may lead to account takeover) Information Disclosure bugstar High 2021-09-21
Privilege Escalation vulnerability in steam's Remote Play feature leads to arbitrary kernel-mode driver installation Privilege Escalation hydraskyteam Medium 2021-09-21
Buffer overrun in Steam SILK voice decoder Classic Buffer Overflow slidybat Critical 2021-09-13
Modify in-flight data to payment provider Smart2Pay Business Logic Errors drbrix Critical 2021-08-10
RCE on CS:GO client using unsanitized entity ID in EntityMsg message Out-of-bounds Read teapotd Critical 2021-05-27
Signedness issue in ClassInfo message handler leads to RCE on CS:GO client Array Index Underflow teapotd Critical 2021-05-27
CS:GO Server -> Client RCE through OOB access in CSVCMsg_SplitScreen + Info leak in HTTP download Out-of-bounds Read simonscannell Critical 2021-05-17
[Portal 2] Remote Code Execution via voice packets Classic Buffer Overflow gamer7112 Critical 2021-05-10
[Source Engine] Material path truncation leads to Remote Code Execution Improper Input Validation nyancat0131 High 2021-05-06
[CS:GO] Unchecked texture file name with TEXTUREFLAGS_DEPTHRENDERTARGET can lead to Remote Code Execution Stack Overflow nyancat0131 High 2021-05-06
Specially Crafted Closed Captions File can lead to Remote Code Execution in CS:GO and other Source Games Classic Buffer Overflow gamer7112 Critical 2021-05-05
OOB reads in network message handlers leads to RCE Out-of-bounds Read slidybat Critical 2021-05-04
GoldSrc: Buffer Overflow in DELTA_ParseDelta function leads to RCE Stack Overflow pixelindigo Critical 2021-05-04
[steam client] Opening a specific steam:// url overwrites files at an arbitrary location Write-what-where Condition kbeckmann Medium 2020-09-22
[Half-Life 1] Malformed map name leads to memory corruption and code execution Classic Buffer Overflow kbeckmann High 2020-09-22
Unauthorized updates to extended_info properties in /store/ajaxpackagesave Improper Access Control - Generic njbooher High 2020-09-09
Add apps to packages 0, 61, 62 with /store/ajaxpackagemerge Improper Access Control - Generic njbooher High 2020-09-09
Buffer overflow In hl.exe's launch -game argument allows an attacker to execute arbitrary code locally or from browser Stack Overflow irukandjisecresearch High 2020-08-19
[GoldSrc] RCE via malformed BSP file Classic Buffer Overflow gamer7112 High 2020-08-19
[GoldSrc] RCE via 'spk' Console Command Classic Buffer Overflow gamer7112 High 2020-08-19
Buffer overflow In hl.exe's launch -game argument allows an attacker to execute arbitrary code locally or from browser Stack Overflow irukandjisecresearch High 2020-08-19
ajaxgetachievementsforgame is not guarded for unreleased apps Information Disclosure jameslll Medium 2020-07-30
Vulnerability in GoldSource Engine allows to upload and run an arbitrary DLL on client Malware kohtep2010 High 2020-03-25
Malformed NAV file leads to buffer overflow and code execution in Left4Dead2.exe Classic Buffer Overflow hunterstanton Critical 2020-03-25
Malformed BSP in GoldSrc Engine may cause shellcode injection Classic Buffer Overflow kohtep2010 High 2020-03-25
Hidden scheduled partner events are propagated to Steam clients in CMsgClientClanState Information Disclosure xpaw Medium 2020-03-20
Malformed .BMP file in Counter-Strike 1.6 may cause shellcode injection Classic Buffer Overflow kohtep2010 High 2020-02-27
Malformed save files (.sav) allow to write files with arbitrary extensions and content in GoldSrc-based games. Malware splatt581 High 2020-02-24
GetGlobalAchievementPercentagesForApp is missing the same release checks as GetSchemaForGame Information Disclosure xpaw Medium 2020-02-20
Steam chat - trade offer presentation vulnerability Business Logic Errors hackerontwowheels Medium 2020-02-19
Arbitrary File Write as SYSTEM from unprivileged user Privilege Escalation b0yd High 2020-01-15
Panorama UI XSS leads to Remote Code Execution via Kick/Disconnect Message Code Injection shayhelman Critical 2019-10-09
Malformed .MDL triggers an Access Violation on GoldSRC (hl.exe) Memory Corruption - Generic chippy High 2019-10-09
Unchecked weapon id in WeaponList message parser on client leads to RCE Array Index Underflow nyancat0131 Critical 2019-09-17
Malformed playlist.txt in GoldSrc games leads to Access Violation & arbitrary code execution Stack Overflow nyancat0131 High 2019-09-17
ISteamAssets gives partners control over unrelated community market transactions Improper Access Control - Generic njbooher High 2019-05-24
RCE on Steam Client via buffer overflow in Server Info Classic Buffer Overflow vinnievan Critical 2019-03-15
[help.steampowered.com] Account takeover bruteforcing SteamGuard Business Logic Errors natetheriver High 2019-01-23
XSS in steam react chat client Cross-site Scripting (XSS) - Stored zemnmez Critical 2019-01-07
Getting all the CD keys of any game Improper Access Control - Generic moskowsky Critical 2018-10-31
Getting all the CD keys of any game Improper Access Control - Generic moskowsky Critical 2018-10-31
Buffer overflows in demo parsing Classic Buffer Overflow yalter Medium 2018-08-29
Malformed Skybox .TGA in Half-Life (GoldSRC) leads to Access Violation Classic Buffer Overflow chippy High 2018-08-29
SQL Injection in report_xml.php through countryFilter[] parameter SQL Injection moskowsky Critical 2018-07-27
Malformed .BSP Access Violation in CS:GO can lead to Remote Code Execution Classic Buffer Overflow chippy Critical 2018-07-19
resetreportedcount & updatetags doesn't verify appid param Improper Authentication - Generic milkgames Medium 2018-07-03
Suspended users can bypass UGC upload ban Improper Access Control - Generic delite Low 2018-07-03
ImageMagick GIF coder vulnerability leading to memory disclosure Information Disclosure alyssa_herrera Medium 2018-07-03
GetReports works for hubs you don't have access to Privacy Violation milkgames Medium 2018-05-31
Aapp name leakage on economy history page Information Disclosure xpaw Medium 2018-05-25
Unfiltered input allows for XSS in "Playtime Item Grants" fields Cross-site Scripting (XSS) - Stored xpaw Medium 2018-05-25
Stored XXS @ https://steamcommunity.com/search/users/#text= via Profile Name Cross-site Scripting (XSS) - Stored osintopsec Medium 2018-05-24
Link filter protection bypass Open Redirect ramsexy Medium 2018-05-10
LFI in pChart php library Path Traversal ramsexy High 2018-05-10
Read Access to all comments on unauthorized forums' discussions! IDOR! Insecure Direct Object Reference (IDOR) ta8ahi Medium 2018-05-09
Xss was found by exploiting the URL markdown on http://store.steampowered.com Cross-site Scripting (XSS) - DOM kenziy Medium 2018-05-09
Reflected XSS in www.dota2.com Cross-site Scripting (XSS) - Reflected jr0ch17 Medium 2018-05-09
MySQL username and password leaked in developer.valvesoftware.com via source code dislosure Password in Configuration File nahamsec Medium 2018-05-07