Vulnerability Details CVE-2020-6019
Valve's Game Networking Sockets prior to version v1.2.0 improperly handles inlined statistics messages in function CConnectionTransportUDPBase::Received_Data(), leading to an exception thrown from libprotobuf and resulting in a crash.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.087
EPSS Ranking 92.1%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/ValveSoftware/GameNetworkingSockets/commit/d944a10808891d202bb1d5e1998de6e0423af678
- https://research.checkpoint.com/2020/game-on-finding-vulnerabilities-in-valves-steam-sockets/
- https://github.com/ValveSoftware/GameNetworkingSockets/commit/d944a10808891d202bb1d5e1998de6e0423af678
- https://research.checkpoint.com/2020/game-on-finding-vulnerabilities-in-valves-steam-sockets/
Products affected by CVE-2020-6019
-
cpe:2.3:a:valvesoftware:game_networking_sockets:-
-
cpe:2.3:a:valvesoftware:game_networking_sockets:1.0.0
-
cpe:2.3:a:valvesoftware:game_networking_sockets:1.1.0