ValveSoftware/GameNetworkingSockets

ValveSoftware/GameNetworkingSockets

Releases9

Frequency10 months 3 weeks

Last Release about 14 hours ago

Stars9.66K

Reliable & unreliable messages over UDP. Robust message fragmentation & reassembly. P2P networking / NAT traversal. Encryption.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-6017 ↗	Dec 3, 2020Thursday, 3 December 2020, 14:15	9.8 CRITICAL	7.5 HIGH
Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long unreliable segments in function SNP_ReceiveUnreliableSegment() when configured to support plain-text messages, leading to a Heap-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution.
CVE-2020-6018 ↗	Dec 2, 2020Wednesday, 2 December 2020, 01:15	9.8 CRITICAL	7.5 HIGH
Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long encrypted messages in function AES_GCM_DecryptContext::Decrypt() when compiled using libsodium, leading to a Stack-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution.
CVE-2020-6016 ↗	Nov 18, 2020Wednesday, 18 November 2020, 15:15	9.8 CRITICAL	10 HIGH
Valve's Game Networking Sockets prior to version v1.2.0 improperly handles unreliable segments with negative offsets in function SNP_ReceiveUnreliableSegment(), leading to a Heap-Based Buffer Underflow and a free() of memory not from the heap, resulting in a memory corruption and probably even a remote code execution.
CVE-2020-6019 ↗	Nov 13, 2020Friday, 13 November 2020, 16:15	7.5 HIGH	5 MEDIUM
Valve's Game Networking Sockets prior to version v1.2.0 improperly handles inlined statistics messages in function CConnectionTransportUDPBase::Received_Data(), leading to an exception thrown from libprotobuf and resulting in a crash.