CVE-2020-6018

Name of the Vulnerable Software and Affected Versions Valve's Game Networking Sockets versions prior to v1.2.0

Description The issue arises from the improper handling of long encrypted messages in the AES GCM DecryptContext::Decrypt() function when compiled using libsodium. This leads to a Stack-Based Buffer Overflow, resulting in memory corruption and potentially allowing for remote code execution.

Recommendations For versions prior to v1.2.0, update to version v1.2.0 or later to resolve the issue. As a temporary workaround, consider disabling the AES GCM DecryptContext::Decrypt() function until a patch is available. Restrict access to sensitive areas of the program to minimize the risk of exploitation.