Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long encrypted messages in function AES_GCM_DecryptContext::Decrypt() when compiled using libsodium, leading to a Stack-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution.
References
Link | Resource |
---|---|
https://github.com/ValveSoftware/GameNetworkingSockets/commit/bea84e2844b647532a9b7fbc3a6a8989d66e49e3 | Patch Third Party Advisory |
https://research.checkpoint.com/2020/game-on-finding-vulnerabilities-in-valves-steam-sockets/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: checkpoint
Published: 2020-12-02T01:01:38
Updated: 2020-12-10T23:20:54
Reserved: 2020-01-07T00:00:00
Link: CVE-2020-6018
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-12-02T01:15:12.967
Modified: 2022-04-12T16:19:58.543
Link: CVE-2020-6018
JSON object: View
Redhat Information
No data.