Vulnerabilities > CVE-2020-6017 - Out-Of-Bounds Write vulnerability in Valvesoftware Game Networking Sockets 1.0.0/1.1.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
valvesoftware
CWE-787

Summary

Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long unreliable segments in function SNP_ReceiveUnreliableSegment() when configured to support plain-text messages, leading to a Heap-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution.

Common Weakness Enumeration (CWE)