Epic Games Rocket League 1.95 - Stack Buffer Overrun

vendor:
Rocket League
by:
LiquidWorm
7.5
CVSS
HIGH
Stack Buffer Overrun
119
CWE
Product Name: Rocket League
Affected Version From: <=1.95
Affected Version To: 1.95
Patch Exists: NO
Related CWE:
CPE: a:epic_games:rocket_league:1.95
Metasploit:
Other Scripts:
Platforms Tested: Windows
2021
Epic Games Rocket League 1.95 – Stack Buffer Overrun

The game suffers from a stack-based buffer overflow vulnerability. The issue is caused due to a boundary error in the processing of a UPK format file, which can be exploited to cause a stack buffer overflow when a user crafts the file with a large array of bytes inserted in the vicinity offset after the magic header. Successful exploitation could allow execution of arbitrary code on the affected machine.
Mitigation:

It is recommended to update to a patched version of the game or apply any security patches provided by the vendor.
Source
Exploit-DB raw data:

# Exploit Title: Epic Games Rocket League 1.95 - Stack Buffer Overrun
# Date: 25.04.2021
# Exploit Author: LiquidWorm
# Vendor Homepage: https://www.epicgames.com https://www.rocketleague.com

Epic Games Rocket League 1.95 (AK::MemoryMgr::GetPoolName) Stack Buffer Overrun


Vendor: Epic Games Inc. | Psyonix, LLC
Product web page: https://www.epicgames.com
                  https://www.psyonix.com
                  https://www.rocketleague.com
Affected version: <=1.95

Summary: Rocket League is a high-powered hybrid of arcade-style soccer
and vehicular mayhem with easy-to-understand controls and fluid, physics-driven
competition.

Desc: The game suffers from a stack-based buffer overflow vulnerability. The
issue is caused due to a boundary error in the processing of a UPK format file,
which can be exploited to cause a stack buffer overflow when a user crafts the
file with a large array of bytes inserted in the vicinity offset after the magic
header. Successful exploitation could allow execution of arbitrary code on the
affected machine.

Tested on: Microsoft Windows 10


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2021-5651
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5651.php


25.04.2021

--


Craft location: ..\rocketleague\TAGame\CookedPCConsole
Header: C1 83 2A 9E 64 03 1F 00

hat_Headphones_SF.upk:
----------------------
...
...
ModLoad: 00007ff9`99ff0000 00007ff9`9a016000   C:\WINDOWS\system32\ncryptsslp.dll
ModLoad: 00007ff9`32d70000 00007ff9`36a00000   C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e9f7884f9b4f82b9\igd9dxva64.dll
ModLoad: 00007ff9`315b0000 00007ff9`32d68000   C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_d79c53dfaa1cbce3\nvd3dumx.dll
ModLoad: 00000000`00400000 00000000`0041e000   E:\Epic Games\rocketleague\Binaries\Win64\XINPUT1_3.dll
ModLoad: 00007ff9`8dac0000 00007ff9`8db6c000   C:\WINDOWS\SYSTEM32\TextShaping.dll
[0110.33] Log: Timed out while waiting for GPU to catch up. (500 ms)
(62c.1074): Unknown exception - code 00000001 (!!! second chance !!!)
KERNELBASE!RaiseException+0x69:
00007ff9`a0364b59 0f1f440000      nop     dword ptr [rax+rax]
0:024> r
rax=00007ff99feeb925 rbx=0000000000000000 rcx=0000000000000000
rdx=000000214edfe8b0 rsi=000000214edfef50 rdi=000000214edfe700
rip=00007ff9a0364b59 rsp=000000214edfef30 rbp=0000000000000000
 r8=000000214edfedb0  r9=0000000000000000 r10=00000000000000c0
r11=000000214edfee2e r12=0000000000000000 r13=00007ff776205bb0
r14=00007ff776dab710 r15=000000214edff8a0
iopl=0         nv up ei pl nz na po nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000204
KERNELBASE!RaiseException+0x69:
00007ff9`a0364b59 0f1f440000      nop     dword ptr [rax+rax]
0:024> !analyze -v
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for E:\Epic Games\rocketleague\Binaries\Win64\EOSSDK-Win64-Shipping.dll - 
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_d79c53dfaa1cbce3\nvwgf2umx.dll - 
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files (x86)\Epic Games\Launcher\Portal\Extras\Overlay\EOSOVH-Win64-Shipping.dll - 
GetUrlPageData2 (WinHttp) failed: 12002.

DUMP_CLASS: 2
DUMP_QUALIFIER: 0

FAULTING_IP: 
KERNELBASE!RaiseException+69
00007ffe`d4d64b59 0f1f440000      nop     dword ptr [rax+rax]

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 00007ffed4d64b59 (KERNELBASE!RaiseException+0x0000000000000069)
   ExceptionCode: 00000001
  ExceptionFlags: 00000000
NumberParameters: 0

FAULTING_THREAD:  00000490
DEFAULT_BUCKET_ID:  APPLICATION_FAULT
PROCESS_NAME:  RocketLeague.exe
ERROR_CODE: (NTSTATUS) 0x1 - STATUS_WAIT_1
EXCEPTION_CODE: (Win32) 0x1 (1) - Incorrect function.
EXCEPTION_CODE_STR:  1
WATSON_BKT_PROCSTAMP:  606f6afa
WATSON_BKT_PROCVER:  1.0.10897.0
PROCESS_VER_PRODUCT:  Rocket League
WATSON_BKT_MODULE:  KERNELBASE.dll
WATSON_BKT_MODSTAMP:  2f2f77bf
WATSON_BKT_MODOFFSET:  34b59
WATSON_BKT_MODVER:  10.0.19041.906
MODULE_VER_PRODUCT:  Microsoft® Windows® Operating System
BUILD_VERSION_STRING:  10.0.19041.928 (WinBuild.160101.0800)
MODLIST_WITH_TSCHKSUM_HASH:  ac197712fdc57f2bb67f9b17107e5701c93b4362
MODLIST_SHA1_HASH:  342698e051c108fd7be71346f5d34f8a14c38381
NTGLOBALFLAG:  0
PROCESS_BAM_CURRENT_THROTTLED: 0
PROCESS_BAM_PREVIOUS_THROTTLED: 0
APPLICATION_VERIFIER_FLAGS:  0
PRODUCT_TYPE:  1
SUITE_MASK:  784
DUMP_TYPE:  fe
ANALYSIS_SESSION_HOST:  LAB17
ANALYSIS_SESSION_TIME:  04-25-2021 13:23:34.0003
ANALYSIS_VERSION: 10.0.16299.91 amd64fre
THREAD_ATTRIBUTES: 
OS_LOCALE:  ENU

PROBLEM_CLASSES: 

    ID:     [0n308]
    Type:   [APPLICATION_FAULT]
    Class:  Primary
    Scope:  DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
            BUCKET_ID
    Name:   Add
    Data:   Omit
    PID:    [Unspecified]
    TID:    [Unspecified]
    Frame:  [0]

BUGCHECK_STR:  APPLICATION_FAULT
PRIMARY_PROBLEM_CLASS:  APPLICATION_FAULT
LAST_CONTROL_TRANSFER:  from 00007ff78f1cbf65 to 00007ffed4d64b59

STACK_TEXT:  
00000089`23dfe910 00007ff7`8f1cbf65 : 00007ff7`9123b710 00000000`000002f8 00007ff7`906e5190 00000089`23dfea20 : KERNELBASE!RaiseException+0x69
00000089`23dfe9f0 00007ff7`8f190215 : 00000089`23dff710 00000089`23dff5d0 00000089`23dff710 00007ffe`d72ee25f : RocketLeague!GetOutermost+0x29245
00000089`23dff250 00007ff7`8f123466 : 00000089`23dff710 00007ff7`906eb668 00000199`6cf33e40 00000089`23dfe828 : RocketLeague!AK::MusicEngine::Term+0xfce95
00000089`23dff4d0 00007ff7`8f1297f9 : 0000019a`00000001 00000000`00000000 00000089`23dff770 00000199`00000001 : RocketLeague!AK::MusicEngine::Term+0x900e6
00000089`23dff6d0 00007ff7`8f1d1e40 : 00000000`00000001 00000000`00000001 0000019a`00000000 00000199`6d26ffd0 : RocketLeague!AK::MusicEngine::Term+0x96479
00000089`23dff850 00007ffe`d6297034 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : RocketLeague!Scaleform::System::Init+0x11c0
00000089`23dff880 00007ffe`d7302651 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x14
00000089`23dff8b0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21

THREAD_SHA1_HASH_MOD_FUNC:  b03d2da27c20caaf2a76cdae45ff251160c76115
THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  ff5c11b082c48239ef2666814fc4e06663a8c892
THREAD_SHA1_HASH_MOD:  96a23e97d7538141fe1b904de60919531df8b505

FOLLOWUP_IP: 
RocketLeague!GetOutermost+29245
00007ff7`8f1cbf65 eb13            jmp     RocketLeague!GetOutermost+0x2925a (00007ff7`8f1cbf7a)

FAULT_INSTR_CODE:  8b4813eb
SYMBOL_STACK_INDEX:  1
SYMBOL_NAME:  rocketleague!GetOutermost+29245
FOLLOWUP_NAME:  MachineOwner
MODULE_NAME: RocketLeague
IMAGE_NAME:  RocketLeague.exe
DEBUG_FLR_IMAGE_TIMESTAMP:  606f6afa
STACK_COMMAND:  ~24s ; .cxr ; kb
FAILURE_BUCKET_ID:  APPLICATION_FAULT_1_RocketLeague.exe!GetOutermost
BUCKET_ID:  APPLICATION_FAULT_rocketleague!GetOutermost+29245
FAILURE_EXCEPTION_CODE:  1
FAILURE_IMAGE_NAME:  RocketLeague.exe
BUCKET_ID_IMAGE_STR:  RocketLeague.exe
FAILURE_MODULE_NAME:  RocketLeague
BUCKET_ID_MODULE_STR:  RocketLeague
FAILURE_FUNCTION_NAME:  GetOutermost
BUCKET_ID_FUNCTION_STR:  GetOutermost
BUCKET_ID_OFFSET:  29245
BUCKET_ID_MODTIMEDATESTAMP:  606f6afa
BUCKET_ID_MODCHECKSUM:  251425f
BUCKET_ID_MODVER_STR:  1.0.10897.0
BUCKET_ID_PREFIX_STR:  APPLICATION_FAULT_
FAILURE_PROBLEM_CLASS:  APPLICATION_FAULT
FAILURE_SYMBOL_NAME:  RocketLeague.exe!GetOutermost
WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/RocketLeague.exe/1.0.10897.0/606f6afa/KERNELBASE.dll/10.0.19041.906/2f2f77bf/1/00034b59.htm?Retriage=1
TARGET_TIME:  2021-04-25T11:23:44.000Z
OSBUILD:  19042
OSSERVICEPACK:  928
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
OSPLATFORM_TYPE:  x64
OSNAME:  Windows 10
OSEDITION:  Windows 10 WinNt SingleUserTS Personal
USER_LCID:  0
OSBUILD_TIMESTAMP:  2022-01-18 11:29:28
BUILDDATESTAMP_STR:  160101.0800
BUILDLAB_STR:  WinBuild
BUILDOSVER_STR:  10.0.19041.928
ANALYSIS_SESSION_ELAPSED_TIME:  795d
ANALYSIS_SOURCE:  UM
FAILURE_ID_HASH_STRING:  um:application_fault_1_rocketleague.exe!getoutermost
FAILURE_ID_HASH:  {ee1c73f7-ce6b-9e4a-8e1b-66937ecee43c}
Followup:     MachineOwner
...
...

(aa0.3818): Unknown exception - code 00000001 (first chance)
(aa0.3818): Unknown exception - code 00000001 (!!! second chance !!!)
KERNELBASE!RaiseException+0x69:
00007ffe`d4d64b59 0f1f440000      nop     dword ptr [rax+rax]
0:024> g
[0188.65] Warning: Warning, Detected data corruption [header] trying to read 2549 bytes at offset 135132 from '..\..\TAGame\CookedPCConsole\hat_Headphones_SF.upk'. Please delete file and recook.
[0188.65] Critical: appError called: I/O failure operating on '..\..\TAGame\CookedPCConsole\hat_Headphones_SF.upk'
[0188.65] Critical: Windows GetLastError: The operation completed successfully. (0)
[0188.65] Warning: Warning, Detected data corruption [undershoot] trying to read 2549 bytes at offset 135132 from '..\..\TAGame\CookedPCConsole\hat_Headphones_SF.upk'. Please delete file and recook.
[0188.65] Critical: Error reentered: I/O failure operating on '..\..\TAGame\CookedPCConsole\hat_Headphones_SF.upk'
[0188.65] Warning: Warning, Detected data corruption [incorrect uncompressed size] calculated 1094795585 bytes, requested 2549 bytes at offset 135132 from '..\..\TAGame\CookedPCConsole\hat_Headphones_SF.upk'. Please delete file and recook.
[0188.65] Critical: Error reentered: I/O failure operating on '..\..\TAGame\CookedPCConsole\hat_Headphones_SF.upk'
[0188.66] DevBeacon: FWebSocket::ReadCloseReason this=000002B686633200 received opcode CLOSE. Code=1000 Reason=IdleTimeout
[0188.66] DevOnline: EOSSDK-LogEOS: Large tick time detected 22.5409



hat_peanut_SF.upk:
------------------
...
...
0:077> g
(3568.230c): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
VCRUNTIME140!memcmp+0xee:
00007ffe`afc812de f3a4            rep movs byte ptr [rdi],byte ptr [rsi]
0:000> r
rax=0000009852afeaf8 rbx=000001a1cc362268 rcx=ffffffff9c71eae4
rdx=0000010951ea4107 rsi=000001a1a49a4107 rdi=0000009852b00000
rip=00007ffeafc812de rsp=0000009852afe9c8 rbp=ffffffff9c71ffec
 r8=ffffffff9c71ffec  r9=00000000000000ff r10=000001a1a49a2bff
r11=0000009852afeaf8 r12=0000000000000000 r13=0000000000000000
r14=0000009852afeaf8 r15=0000000000000000
iopl=0         nv up ei pl nz na pe nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010202
VCRUNTIME140!memcmp+0xee:
00007ffe`afc812de f3a4            rep movs byte ptr [rdi],byte ptr [rsi]
0:000> g
(3568.230c): Security check failure or stack buffer overrun - code c0000409 (!!! second chance !!!)
Subcode: 0x2 FAST_FAIL_STACK_COOKIE_CHECK_FAILURE 
RocketLeague!AK::MemoryMgr::GetPoolName+0x84164:
00007ff6`4a660424 cd29            int     29h
0:000> .exr -1
ExceptionAddress: 00007ff64a660424 (RocketLeague!AK::MemoryMgr::GetPoolName+0x0000000000084164)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 0000000000000002
Subcode: 0x2 FAST_FAIL_STACK_COOKIE_CHECK_FAILURE 
0:000> u 00007ff64a660424
RocketLeague!AK::MemoryMgr::GetPoolName+0x84164:
00007ff6`4a660424 cd29            int     29h
00007ff6`4a660426 488d0d3303f600  lea     rcx,[RocketLeague!AK::IAkStreamMgr::m_pStreamMgr+0x1d678 (00007ff6`4b5c0760)]
00007ff6`4a66042d e8ca010000      call    RocketLeague!AK::MemoryMgr::GetPoolName+0x8433c (00007ff6`4a6605fc)
00007ff6`4a660432 488b442438      mov     rax,qword ptr [rsp+38h]
00007ff6`4a660437 4889051a04f600  mov     qword ptr [RocketLeague!AK::IAkStreamMgr::m_pStreamMgr+0x1d770 (00007ff6`4b5c0858)],rax
00007ff6`4a66043e 488d442438      lea     rax,[rsp+38h]
00007ff6`4a660443 4883c008        add     rax,8
00007ff6`4a660447 488905aa03f600  mov     qword ptr [RocketLeague!AK::IAkStreamMgr::m_pStreamMgr+0x1d710 (00007ff6`4b5c07f8)],rax
0:000> kb 10
 # RetAddr               : Args to Child                                                           : Call Site
00 00007ff6`4a65fdcf     : efaf2d5d`3bda668e 00000000`00000000 00000098`52afe090 00000098`52afe080 : RocketLeague!AK::MemoryMgr::GetPoolName+0x84164
01 00007ffe`d735207f     : 00007ff6`4a65fdbc 00000000`00000000 00000000`00000000 00000000`00000000 : RocketLeague!AK::MemoryMgr::GetPoolName+0x83b0f
02 00007ffe`d7301454     : 00000000`00000000 00000098`52afe070 00000098`52afe730 00000000`00000000 : ntdll!RtlpExecuteHandlerForException+0xf
03 00007ffe`d7350bae     : 3f400000`3f000000 3f800000`3f800000 000001a1`cc362268 44160000`44bb8000 : ntdll!RtlDispatchException+0x244
04 00007ffe`afc812de     : 00000000`00000000 000001a1`cc3560c0 00007ff6`4948a38b 000001a1`cc362268 : ntdll!KiUserExceptionDispatch+0x2e
05 00007ff6`4948a38b     : 000001a1`cc362268 00000098`52afea40 00000098`52afea40 000001a1`cc362268 : VCRUNTIME140!memcpy_repmovs+0xe [d:\agent\_work\1\s\src\vctools\crt\vcruntime\src\string\amd64\memcpy.asm @ 114] 
06 00007ff6`494fe648     : 000001a1`cc362268 00000098`52afead8 00002215`1710d82a 00007ff6`00000003 : RocketLeague!AK::MusicEngine::Term+0x9700b
07 00007ff6`494e3e65     : 000001a1`cc362080 00000098`52afead8 00000000`00000000 00000000`00000001 : RocketLeague!AK::MusicEngine::Term+0x10b2c8
08 fab8446d`6e5edd60     : efaf2dc5`69758c3e fab8446d`6e5edd60 efaf2dc5`69758c3e fab8446d`6e5edd60 : RocketLeague!AK::MusicEngine::Term+0xf0ae5
09 efaf2dc5`69758c3e     : fab8446d`6e5edd60 efaf2dc5`69758c3e fab8446d`6e5edd60 efaf2dc5`69758c3e : 0xfab8446d`6e5edd60
0a fab8446d`6e5edd60     : efaf2dc5`69758c3e fab8446d`6e5edd60 efaf2dc5`69758c3e fab8446d`6e5edd60 : 0xefaf2dc5`69758c3e
0b efaf2dc5`69758c3e     : fab8446d`6e5edd60 efaf2dc5`69758c3e fab8446d`6e5edd60 efaf2dc5`69758c3e : 0xfab8446d`6e5edd60
0c fab8446d`6e5edd60     : efaf2dc5`69758c3e fab8446d`6e5edd60 efaf2dc5`69758c3e fab8446d`6e5edd60 : 0xefaf2dc5`69758c3e
0d efaf2dc5`69758c3e     : fab8446d`6e5edd60 efaf2dc5`69758c3e fab8446d`6e5edd60 efaf2dc5`69758c3e : 0xfab8446d`6e5edd60
0e fab8446d`6e5edd60     : efaf2dc5`69758c3e fab8446d`6e5edd60 efaf2dc5`69758c3e fab8446d`6e5edd60 : 0xefaf2dc5`69758c3e
0f efaf2dc5`69758c3e     : fab8446d`6e5edd60 efaf2dc5`69758c3e fab8446d`6e5edd60 efaf2dc5`69758c3e : 0xfab8446d`6e5edd60
0:000> !analyze -m
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 5640

    Key  : Analysis.DebugAnalysisManager
    Value: Create

    Key  : Analysis.Elapsed.mSec
    Value: 6467

    Key  : Analysis.Init.CPU.mSec
    Value: 400749

    Key  : Analysis.Init.Elapsed.mSec
    Value: 1699165

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 261

    Key  : FailFast.Name
    Value: STACK_COOKIE_CHECK_FAILURE

    Key  : FailFast.Type
    Value: 2

    Key  : Timeline.OS.Boot.DeltaSec
    Value: 215108

    Key  : Timeline.Process.Start.DeltaSec
    Value: 1744

    Key  : WER.OS.Branch
    Value: vb_release

    Key  : WER.OS.Timestamp
    Value: 2019-12-06T14:06:00Z

    Key  : WER.OS.Version
    Value: 10.0.19041.1

    Key  : WER.Process.Version
    Value: 1.0.10897.0


NTGLOBALFLAG:  0
PROCESS_BAM_CURRENT_THROTTLED: 0
PROCESS_BAM_PREVIOUS_THROTTLED: 0
APPLICATION_VERIFIER_FLAGS:  0

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 00007ff64a660424 (RocketLeague!AK::MemoryMgr::GetPoolName+0x0000000000084164)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 0000000000000002
Subcode: 0x2 FAST_FAIL_STACK_COOKIE_CHECK_FAILURE 

FAULTING_THREAD:  0000230c
PROCESS_NAME:  RocketLeague.exe
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE_STR:  c0000409
EXCEPTION_PARAMETER1:  0000000000000002

STACK_TEXT:  
00000098`52afda90 00007ff6`4a65fdcf     : efaf2d5d`3bda668e 00000000`00000000 00000098`52afe090 00000098`52afe080 : RocketLeague!AK::MemoryMgr::GetPoolName+0x84164
00000098`52afdad0 00007ffe`d735207f     : 00007ff6`4a65fdbc 00000000`00000000 00000000`00000000 00000000`00000000 : RocketLeague!AK::MemoryMgr::GetPoolName+0x83b0f
00000098`52afdb00 00007ffe`d7301454     : 00000000`00000000 00000098`52afe070 00000098`52afe730 00000000`00000000 : ntdll!RtlpExecuteHandlerForException+0xf
00000098`52afdb30 00007ffe`d7350bae     : 3f400000`3f000000 3f800000`3f800000 000001a1`cc362268 44160000`44bb8000 : ntdll!RtlDispatchException+0x244
00000098`52afe240 00007ffe`afc812de     : 00000000`00000000 000001a1`cc3560c0 00007ff6`4948a38b 000001a1`cc362268 : ntdll!KiUserExceptionDispatch+0x2e
00000098`52afe9c8 00007ff6`4948a38b     : 000001a1`cc362268 00000098`52afea40 00000098`52afea40 000001a1`cc362268 : VCRUNTIME140!memcpy_repmovs+0xe
00000098`52afe9e0 00007ff6`494fe648     : 000001a1`cc362268 00000098`52afead8 00002215`1710d82a 00007ff6`00000003 : RocketLeague!AK::MusicEngine::Term+0x9700b
00000098`52afea20 00007ff6`494e3e65     : 000001a1`cc362080 00000098`52afead8 00000000`00000000 00000000`00000001 : RocketLeague!AK::MusicEngine::Term+0x10b2c8
00000098`52afeab0 fab8446d`6e5edd60     : efaf2dc5`69758c3e fab8446d`6e5edd60 efaf2dc5`69758c3e fab8446d`6e5edd60 : RocketLeague!AK::MusicEngine::Term+0xf0ae5
...
...

STACK_COMMAND:  ~0s ; .cxr ; kb
SYMBOL_NAME:  RocketLeague!AK::MemoryMgr::GetPoolName+84164
MODULE_NAME: RocketLeague
IMAGE_NAME:  RocketLeague.exe
FAILURE_BUCKET_ID:  FAIL_FAST_STACK_BUFFER_OVERRUN_STACK_COOKIE_CHECK_FAILURE_MISSING_GSFRAME_c0000409_RocketLeague.exe!AK::MemoryMgr::GetPoolName
OS_VERSION:  10.0.19041.1
BUILDLAB_STR:  vb_release
OSPLATFORM_TYPE:  x64
OSNAME:  Windows 10
IMAGE_VERSION:  1.0.10897.0
FAILURE_ID_HASH:  {3e6f3f5b-25bb-68b3-2a5b-232743df7884}
Followup:     MachineOwner