Vulnerabilities > CVE-2020-6017 - Out-of-bounds Write vulnerability in Valvesoftware Game Networking Sockets 1.0.0/1.1.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long unreliable segments in function SNP_ReceiveUnreliableSegment() when configured to support plain-text messages, leading to a Heap-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Common Weakness Enumeration (CWE)
References
- https://github.com/ValveSoftware/GameNetworkingSockets/commit/e0c86dcb9139771db3db0cfdb1fb8bef0af19c43
- https://github.com/ValveSoftware/GameNetworkingSockets/commit/e0c86dcb9139771db3db0cfdb1fb8bef0af19c43
- https://research.checkpoint.com/2020/game-on-finding-vulnerabilities-in-valves-steam-sockets/
- https://research.checkpoint.com/2020/game-on-finding-vulnerabilities-in-valves-steam-sockets/