Vulnerabilities > CVE-2020-6018 - Out-of-bounds Write vulnerability in Valvesoftware Game Networking Sockets 1.0.0/1.1.0

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
valvesoftware
CWE-787
critical

Summary

Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long encrypted messages in function AES_GCM_DecryptContext::Decrypt() when compiled using libsodium, leading to a Stack-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution.

Common Weakness Enumeration (CWE)