Valve Program Statistics

View program

59 total issues disclosed

$247,850 total paid publicly

Most disclosed (13 disclosures) — Classic Buffer Overflow

Disclosed Reports

Report Title Vulnerability Type Disclosed By Severity Disclosed on
Access to microtransaction sales data for lots of apps from 2014 to present at /valvefinance/sanity/ Improper Access Control - Generic njbooher Critical 2021-09-21
Big Picture web browser leaks login cookies and discloses sensitive information (may lead to account takeover) Information Disclosure bugstar High 2021-09-21
Privilege Escalation vulnerability in steam's Remote Play feature leads to arbitrary kernel-mode driver installation Privilege Escalation hydraskyteam Medium 2021-09-21
Buffer overrun in Steam SILK voice decoder Classic Buffer Overflow slidybat Critical 2021-09-13
Modify in-flight data to payment provider Smart2Pay Business Logic Errors drbrix Critical 2021-08-10
RCE on CS:GO client using unsanitized entity ID in EntityMsg message Out-of-bounds Read teapotd Critical 2021-05-27
Signedness issue in ClassInfo message handler leads to RCE on CS:GO client Array Index Underflow teapotd Critical 2021-05-27
CS:GO Server -> Client RCE through OOB access in CSVCMsg_SplitScreen + Info leak in HTTP download Out-of-bounds Read simonscannell Critical 2021-05-17
[Portal 2] Remote Code Execution via voice packets Classic Buffer Overflow gamer7112 Critical 2021-05-10
[Source Engine] Material path truncation leads to Remote Code Execution Improper Input Validation nyancat0131 High 2021-05-06
[CS:GO] Unchecked texture file name with TEXTUREFLAGS_DEPTHRENDERTARGET can lead to Remote Code Execution Stack Overflow nyancat0131 High 2021-05-06
Specially Crafted Closed Captions File can lead to Remote Code Execution in CS:GO and other Source Games Classic Buffer Overflow gamer7112 Critical 2021-05-05
OOB reads in network message handlers leads to RCE Out-of-bounds Read slidybat Critical 2021-05-04
GoldSrc: Buffer Overflow in DELTA_ParseDelta function leads to RCE Stack Overflow pixelindigo Critical 2021-05-04
[steam client] Opening a specific steam:// url overwrites files at an arbitrary location Write-what-where Condition kbeckmann Medium 2020-09-22
[Half-Life 1] Malformed map name leads to memory corruption and code execution Classic Buffer Overflow kbeckmann High 2020-09-22
Unauthorized updates to extended_info properties in /store/ajaxpackagesave Improper Access Control - Generic njbooher High 2020-09-09
Add apps to packages 0, 61, 62 with /store/ajaxpackagemerge Improper Access Control - Generic njbooher High 2020-09-09
Buffer overflow In hl.exe's launch -game argument allows an attacker to execute arbitrary code locally or from browser Stack Overflow irukandjisecresearch High 2020-08-19
[GoldSrc] RCE via malformed BSP file Classic Buffer Overflow gamer7112 High 2020-08-19
[GoldSrc] RCE via 'spk' Console Command Classic Buffer Overflow gamer7112 High 2020-08-19
Buffer overflow In hl.exe's launch -game argument allows an attacker to execute arbitrary code locally or from browser Stack Overflow irukandjisecresearch High 2020-08-19
ajaxgetachievementsforgame is not guarded for unreleased apps Information Disclosure jameslll Medium 2020-07-30
Vulnerability in GoldSource Engine allows to upload and run an arbitrary DLL on client Malware kohtep2010 High 2020-03-25
Malformed NAV file leads to buffer overflow and code execution in Left4Dead2.exe Classic Buffer Overflow hunterstanton Critical 2020-03-25
Malformed BSP in GoldSrc Engine may cause shellcode injection Classic Buffer Overflow kohtep2010 High 2020-03-25
Hidden scheduled partner events are propagated to Steam clients in CMsgClientClanState Information Disclosure xpaw Medium 2020-03-20
Malformed .BMP file in Counter-Strike 1.6 may cause shellcode injection Classic Buffer Overflow kohtep2010 High 2020-02-27
Malformed save files (.sav) allow to write files with arbitrary extensions and content in GoldSrc-based games. Malware splatt581 High 2020-02-24
GetGlobalAchievementPercentagesForApp is missing the same release checks as GetSchemaForGame Information Disclosure xpaw Medium 2020-02-20
Steam chat - trade offer presentation vulnerability Business Logic Errors hackerontwowheels Medium 2020-02-19
Arbitrary File Write as SYSTEM from unprivileged user Privilege Escalation b0yd High 2020-01-15
Panorama UI XSS leads to Remote Code Execution via Kick/Disconnect Message Code Injection shayhelman Critical 2019-10-09
Malformed .MDL triggers an Access Violation on GoldSRC (hl.exe) Memory Corruption - Generic chippy High 2019-10-09
Unchecked weapon id in WeaponList message parser on client leads to RCE Array Index Underflow nyancat0131 Critical 2019-09-17
Malformed playlist.txt in GoldSrc games leads to Access Violation & arbitrary code execution Stack Overflow nyancat0131 High 2019-09-17
ISteamAssets gives partners control over unrelated community market transactions Improper Access Control - Generic njbooher High 2019-05-24
RCE on Steam Client via buffer overflow in Server Info Classic Buffer Overflow vinnievan Critical 2019-03-15
[help.steampowered.com] Account takeover bruteforcing SteamGuard Business Logic Errors natetheriver High 2019-01-23
XSS in steam react chat client Cross-site Scripting (XSS) - Stored zemnmez Critical 2019-01-07
Getting all the CD keys of any game Improper Access Control - Generic moskowsky Critical 2018-10-31
Getting all the CD keys of any game Improper Access Control - Generic moskowsky Critical 2018-10-31
Buffer overflows in demo parsing Classic Buffer Overflow yalter Medium 2018-08-29
Malformed Skybox .TGA in Half-Life (GoldSRC) leads to Access Violation Classic Buffer Overflow chippy High 2018-08-29
SQL Injection in report_xml.php through countryFilter[] parameter SQL Injection moskowsky Critical 2018-07-27
Malformed .BSP Access Violation in CS:GO can lead to Remote Code Execution Classic Buffer Overflow chippy Critical 2018-07-19
resetreportedcount & updatetags doesn't verify appid param Improper Authentication - Generic milkgames Medium 2018-07-03
Suspended users can bypass UGC upload ban Improper Access Control - Generic delite Low 2018-07-03
ImageMagick GIF coder vulnerability leading to memory disclosure Information Disclosure alyssa_herrera Medium 2018-07-03
GetReports works for hubs you don't have access to Privacy Violation milkgames Medium 2018-05-31
Aapp name leakage on economy history page Information Disclosure xpaw Medium 2018-05-25
Unfiltered input allows for XSS in "Playtime Item Grants" fields Cross-site Scripting (XSS) - Stored xpaw Medium 2018-05-25
Stored XXS @ https://steamcommunity.com/search/users/#text= via Profile Name Cross-site Scripting (XSS) - Stored osintopsec Medium 2018-05-24
Link filter protection bypass Open Redirect ramsexy Medium 2018-05-10
LFI in pChart php library Path Traversal ramsexy High 2018-05-10
Read Access to all comments on unauthorized forums' discussions! IDOR! Insecure Direct Object Reference (IDOR) ta8ahi Medium 2018-05-09
Xss was found by exploiting the URL markdown on http://store.steampowered.com Cross-site Scripting (XSS) - DOM kenziy Medium 2018-05-09
Reflected XSS in www.dota2.com Cross-site Scripting (XSS) - Reflected jr0ch17 Medium 2018-05-09
MySQL username and password leaked in developer.valvesoftware.com via source code dislosure Password in Configuration File nahamsec Medium 2018-05-07