CVE-2020-6019

HIGH

Valve's Game Networking Sockets <v1.2.0 - Memory Corruption

Title source: llm

Description

Valve's Game Networking Sockets prior to version v1.2.0 improperly handles inlined statistics messages in function CConnectionTransportUDPBase::Received_Data(), leading to an exception thrown from libprotobuf and resulting in a crash.

References (2)

[Patch, Third Party Advisory] https://github.com/ValveSoftware/GameNetworkingSockets/commit/d944a10808891d202bb1d5e1998de6e0423af678

View Patch ZIP pw:eip

[Exploit, Third Party Advisory] https://research.checkpoint.com/2020/game-on-finding-vulnerabilities-in-valves-steam-sockets/

Scores

CVSS v3 7.5

EPSS 0.0672

EPSS Percentile 91.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-248

Status published

Affected Products (1)

valvesoftware/game_networking_sockets < 1.2.0

Timeline

Published Nov 13, 2020

Tracked Since Feb 18, 2026