Vulnerabilities > CVE-2020-6017 - Out-of-bounds Write vulnerability in Valvesoftware Game Networking Sockets 1.0.0/1.1.0

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
valvesoftware
CWE-787
critical

Summary

Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long unreliable segments in function SNP_ReceiveUnreliableSegment() when configured to support plain-text messages, leading to a Heap-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution.

Common Weakness Enumeration (CWE)