1.1.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

valvesoftware

NVD

Published: 2020-11-13

Updated: 2022-11-03

Summary

Valve's Game Networking Sockets prior to version v1.2.0 improperly handles inlined statistics messages in function CConnectionTransportUDPBase::Received_Data(), leading to an exception thrown from libprotobuf and resulting in a crash.

Vulnerable Configurations

Part	Description	Count
Application	Valvesoftware Valvesoftware Game Networking Sockets - Valvesoftware Game Networking Sockets 1.0.0 Valvesoftware Game Networking Sockets 1.1.0	3

References

https://github.com/ValveSoftware/GameNetworkingSockets/commit/d944a10808891d202bb1d5e1998de6e0423af678
https://research.checkpoint.com/2020/game-on-finding-vulnerabilities-in-valves-steam-sockets/