PT-2020-18892 · Valve · Game Networking Sockets
Eyal Itkin · Published 2020-12-03 · Updated 2022-04-12 · CVE-2020-6017
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Valve's Game Networking Sockets versions prior to v1.2.0
Description
The issue arises from the improper handling of long unreliable segments in the function SNP_ReceiveUnreliableSegment() when the library is configured to support plain-text messages. This leads to a heap-based buffer overflow, resulting in memory corruption and possibly even remote code execution.
Recommendations
For versions prior to v1.2.0, update to version v1.2.0 or later to resolve the issue. As a temporary workaround, consider disabling the support for plain-text messages or restricting the use of the SNP_ReceiveUnreliableSegment() function until a patch is available.
Exploit
Fix
Buffer Overflow
Memory Corruption
Affected Products
Game Networking Sockets