{"id":"CVE-2020-6016","details":"Valve's Game Networking Sockets prior to version v1.2.0 improperly handles unreliable segments with negative offsets in function SNP_ReceiveUnreliableSegment(), leading to a Heap-Based Buffer Underflow and a free() of memory not from the heap, resulting in a memory corruption and probably even a remote code execution.","modified":"2026-04-11T13:53:22.657729Z","published":"2020-11-18T15:15:13.193Z","references":[{"type":"FIX","url":"https://github.com/ValveSoftware/GameNetworkingSockets/commit/e0c86dcb9139771db3db0cfdb1fb8bef0af19c43"},{"type":"EVIDENCE","url":"https://research.checkpoint.com/2020/game-on-finding-vulnerabilities-in-valves-steam-sockets/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/valvesoftware/gamenetworkingsockets","events":[{"introduced":"0"},{"fixed":"5fe10494e27be722d18c443dc70f851541e5d554"},{"fixed":"e0c86dcb9139771db3db0cfdb1fb8bef0af19c43"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.2.0"}]}}],"versions":["1.0.0","v1.1.0"],"database_specific":{"vanir_signatures":[{"id":"CVE-2020-6016-52d0820b","signature_version":"v1","deprecated":false,"digest":{"function_hash":"112637649671998602830295864296836629670","length":3309},"target":{"function":"CSteamNetworkConnectionBase::SNP_SendMessage","file":"src/steamnetworkingsockets/clientlib/steamnetworkingsockets_snp.cpp"},"signature_type":"Function","source":"https://github.com/valvesoftware/gamenetworkingsockets/commit/e0c86dcb9139771db3db0cfdb1fb8bef0af19c43"},{"id":"CVE-2020-6016-7b1af979","signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["321269182489369124622566113487661786329","80920154446436276881393700258771909905","99451642014212731402900030861664343601","212156970962957643319938129760635817935","82888320182820298267710449986400191106","256878838327911795295036941106393168872","128036264350755610361596517027317797265","71433513258825183082601943240736327061","110759229330255524194951495575569017908","51364348852482573533383862603153250368"]},"target":{"file":"src/steamnetworkingsockets/clientlib/steamnetworkingsockets_snp.cpp"},"signature_type":"Line","source":"https://github.com/valvesoftware/gamenetworkingsockets/commit/e0c86dcb9139771db3db0cfdb1fb8bef0af19c43"},{"id":"CVE-2020-6016-b5b8abe7","signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["251576948566354160204301319531849004658","188415917409287245371210503852734197235","296189490786401413231639520329270973772","238557999710553613560904026510566949028","95661933897496180359693539113790153794","297387830692904648968887767366597642298","310748609815854624451707620010794067851","2944924521723733253897263800762691156"]},"target":{"file":"src/steamnetworkingsockets/clientlib/steamnetworkingsockets_snp.h"},"signature_type":"Line","source":"https://github.com/valvesoftware/gamenetworkingsockets/commit/e0c86dcb9139771db3db0cfdb1fb8bef0af19c43"}],"vanir_signatures_modified":"2026-04-11T13:53:22Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-6016.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}