• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.

PSA: Cyberpunk 2077 vulnerability found

yet_another_alt

yet_another_alt

Member
Not even going to pretend I understand this.

forums.cdprojektred.com

[SOLVED] IMPORTANT: PC version vulnerability

If you plan to use Cyberpunk mods/custom saves on PC, use caution. We've been made aware of a vulnerability in external DLL files the game uses which can be used to execute code on PCs. Issue will be fixed ASAP. For now, please refrain from using files from unknown sources. Edit: The...
forums.cdprojektred.com forums.cdprojektred.com

Here's the git from the modder that discovered the vulnerability

github.com

CyberpunkSaveEditor/README.md at main · PixelRick/CyberpunkSaveEditor

A tool to edit Cyberpunk 2077 sav.dat files. Contribute to PixelRick/CyberpunkSaveEditor development by creating an account on GitHub.
github.com github.com

As for the drama portion, apparently CDPR is offloading the blame on modders but modders are claiming the exploit is in the base game itself and is present on consoles and even GeForce now. Here's a quote from the previously linked CDPR forums:

Ok, I feel like I need to say something, this kind of bad practice has to stop.

Let me introduce myself, I am yamashi the creator of Cyber Engine Tweaks.

I wasn't planing on saying anything but since we, the modders, are getting blamed for this, I can't just stand on the sidelines and take it.

What CDPR posted above is WRONG, it isn't caused by an external DLL, the vulnerability is caused by a buffer overflow in a function they use to load strings, this function is used more than 100 times in the game, it is used to load the save games, the archive assets and other parts that we haven't investigated. This is 100% CDPR's fault, it isn't anybody else's fault. This is caused by a lack of proper unit testing.

What happened to owning up to your mistakes CDPR? Not only did PixelRick communicate this a week ago and you didn't do anything (this should have been hotfixed a few hours after you knew about it), but then you go public lying about the nature of the vulnerability so that modders take the fall for this? What we do, we do for free, we aren't your scapegoat, and this is definitely on you. The fact that we redirect the buffer overflow to xinput because it doesn't have ASLR does not mean that it's xinput's fault, we shouldn't be able to access xinput in the first place.

Just so you know everyone this isn't just a PC issue, every platform is affected.

It has been exploited to gain access to Geforce NOW already, maybe you should explain to NVIDIA how it is not your fault CDPR, I am not sure that's going to work once they audit the exe.
Click to expand...
 
THEAP99

THEAP99

Banned
Wow CD Projekt Red can't fix the game themselves in a timely manner so they try passing the mess off to modders and then try blaming modders for issues. You seriously can't make this stuff up!
 
rodrigolfp

rodrigolfp

Haptic Gamepads 4 Life
6f6.jpg
 
You must log in or register to reply here.

Similar threads

Cyberpunk 2077: Patch 2.0 Patch Notes
News Hype 2 3 4 5 6
250
18K
Sgt.Asher replied
Cyberpunk 2077 Patch 2.1 Patch Notes Released
News 2 3
117
8K
DanEON replied
[PC Gamer] How Cyberpunk 2077 clawed its way back from disaster to complete one of the greatest redemption arcs in gaming history
Opinion News 2
99
6K
EDMIX replied
Blizzard is making significant changes to Diablo 4 next season
News Hype
24
2K
Ogbert replied
Baldur's Gate 3 Patch 6.0 is now live
News
24
2K
Hero of Spielberg replied
Top Bottom