SB2020121102 - Multiple vulnerabilities in Valve Game Networking Sockets
Published: December 11, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Out-of-bounds write (CVE-ID: CVE-2020-6016)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input within the SNP_ReceiveUnreliableSegment() function. A remote attacker can send specially crafted packets to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.
2) Out-of-bounds write (CVE-ID: CVE-2020-6017)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input within the SNP_ReceiveUnreliableSegment(), when configured to support plain-text messages. A remote attacker can send specially crafted packets to the application, trigger out-of-bounds write and execute arbitrary code on the target system.
3) Stack-based buffer overflow (CVE-ID: CVE-2020-6018)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing long encrypted messages within the AES_GCM_DecryptContext::Decrypt() function. A remote unauthenticated attacker can send specially crafted messages to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Input validation error (CVE-ID: CVE-2020-6019)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of inlined statistic messages within the CConnectionTransportUDPBase::Received_Data() function. A remote attacker can pass specially crafted input to the gaming server and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://github.com/ValveSoftware/GameNetworkingSockets/commit/e0c86dcb9139771db3db0cfdb1fb8bef0af19c43
- https://research.checkpoint.com/2020/game-on-finding-vulnerabilities-in-valves-steam-sockets/
- https://github.com/ValveSoftware/GameNetworkingSockets/commit/bea84e2844b647532a9b7fbc3a6a8989d66e49e3
- https://github.com/ValveSoftware/GameNetworkingSockets/commit/d944a10808891d202bb1d5e1998de6e0423af678