Vulnerabilities > CVE-2020-6018 - Out-Of-Bounds Write vulnerability in Valvesoftware Game Networking Sockets 1.0.0/1.1.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
valvesoftware
CWE-787

Summary

Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long encrypted messages in function AES_GCM_DecryptContext::Decrypt() when compiled using libsodium, leading to a Stack-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution.

Common Weakness Enumeration (CWE)