1.1.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

valvesoftware

CWE-787

NVD

Published: 2020-12-03

Updated: 2022-04-12

Summary

Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long unreliable segments in function SNP_ReceiveUnreliableSegment() when configured to support plain-text messages, leading to a Heap-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution.

Vulnerable Configurations

Part	Description	Count
Application	Valvesoftware Valvesoftware Game Networking Sockets - Valvesoftware Game Networking Sockets 1.0.0 Valvesoftware Game Networking Sockets 1.1.0	3

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/ValveSoftware/GameNetworkingSockets/commit/e0c86dcb9139771db3db0cfdb1fb8bef0af19c43
https://research.checkpoint.com/2020/game-on-finding-vulnerabilities-in-valves-steam-sockets/