Vulnerabilities > CVE-2020-6016 - Out-Of-Bounds Write vulnerability in Valvesoftware Game Networking Sockets 1.0.0/1.1.0

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
valvesoftware
CWE-787
critical

Summary

Valve's Game Networking Sockets prior to version v1.2.0 improperly handles unreliable segments with negative offsets in function SNP_ReceiveUnreliableSegment(), leading to a Heap-Based Buffer Underflow and a free() of memory not from the heap, resulting in a memory corruption and probably even a remote code execution.

Common Weakness Enumeration (CWE)