CVE-2020-6016

Name of the Vulnerable Software and Affected Versions Valve's Game Networking Sockets versions prior to v1.2.0

Description The issue arises from the improper handling of unreliable segments with negative offsets in the SNP ReceiveUnreliableSegment() function, leading to a Heap-Based Buffer Underflow. This results in the free() of memory not allocated from the heap, causing memory corruption and potentially allowing for remote code execution.

Recommendations For versions prior to v1.2.0, update to version v1.2.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the SNP ReceiveUnreliableSegment() function until a patch is available.