Vulnerability Description
Valve's Game Networking Sockets prior to version v1.2.0 improperly handles inlined statistics messages in function CConnectionTransportUDPBase::Received_Data(), leading to an exception thrown from libprotobuf and resulting in a crash.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Valvesoftware | Game Networking Sockets | < 1.2.0 |
Related Weaknesses (CWE)
References
- https://github.com/ValveSoftware/GameNetworkingSockets/commit/d944a10808891d202bPatchThird Party Advisory
- https://research.checkpoint.com/2020/game-on-finding-vulnerabilities-in-valves-sExploitThird Party Advisory
- https://github.com/ValveSoftware/GameNetworkingSockets/commit/d944a10808891d202bPatchThird Party Advisory
- https://research.checkpoint.com/2020/game-on-finding-vulnerabilities-in-valves-sExploitThird Party Advisory
FAQ
What is CVE-2020-6019?
CVE-2020-6019 is a vulnerability with a CVSS score of 7.5 (HIGH). Valve's Game Networking Sockets prior to version v1.2.0 improperly handles inlined statistics messages in function CConnectionTransportUDPBase::Received_Data(), leading to an exception thrown from lib...
How severe is CVE-2020-6019?
CVE-2020-6019 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-6019?
Check the references section above for vendor advisories and patch information. Affected products include: Valvesoftware Game Networking Sockets.