Name | CVE-2015-4016 |
Description | The client detection protocol in Valve Steam allows remote attackers to cause a denial of service (process crash) via a crafted response to a broadcast packet. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
NOT-FOR-US: Related to non-free steam package.
The affected code is believed to be downloaded from Valve on startup.
http://store.steampowered.com/news/16801/
http://www.zerodayinitiative.com/advisories/ZDI-15-233/