{"id":"CVE-2020-6017","details":"Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long unreliable segments in function SNP_ReceiveUnreliableSegment() when configured to support plain-text messages, leading to a Heap-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution.","modified":"2026-04-11T13:53:22.907497Z","published":"2020-12-03T14:15:11.020Z","references":[{"type":"FIX","url":"https://github.com/ValveSoftware/GameNetworkingSockets/commit/e0c86dcb9139771db3db0cfdb1fb8bef0af19c43"},{"type":"EVIDENCE","url":"https://research.checkpoint.com/2020/game-on-finding-vulnerabilities-in-valves-steam-sockets/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/valvesoftware/gamenetworkingsockets","events":[{"introduced":"0"},{"fixed":"5fe10494e27be722d18c443dc70f851541e5d554"},{"fixed":"e0c86dcb9139771db3db0cfdb1fb8bef0af19c43"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.2.0"}]}}],"versions":["1.0.0","v1.1.0"],"database_specific":{"vanir_signatures":[{"deprecated":false,"target":{"file":"src/steamnetworkingsockets/clientlib/steamnetworkingsockets_snp.cpp","function":"CSteamNetworkConnectionBase::SNP_SendMessage"},"signature_type":"Function","signature_version":"v1","source":"https://github.com/valvesoftware/gamenetworkingsockets/commit/e0c86dcb9139771db3db0cfdb1fb8bef0af19c43","digest":{"length":3309,"function_hash":"112637649671998602830295864296836629670"},"id":"CVE-2020-6017-52d0820b"},{"deprecated":false,"target":{"file":"src/steamnetworkingsockets/clientlib/steamnetworkingsockets_snp.cpp"},"signature_type":"Line","signature_version":"v1","source":"https://github.com/valvesoftware/gamenetworkingsockets/commit/e0c86dcb9139771db3db0cfdb1fb8bef0af19c43","digest":{"threshold":0.9,"line_hashes":["321269182489369124622566113487661786329","80920154446436276881393700258771909905","99451642014212731402900030861664343601","212156970962957643319938129760635817935","82888320182820298267710449986400191106","256878838327911795295036941106393168872","128036264350755610361596517027317797265","71433513258825183082601943240736327061","110759229330255524194951495575569017908","51364348852482573533383862603153250368"]},"id":"CVE-2020-6017-7b1af979"},{"deprecated":false,"target":{"file":"src/steamnetworkingsockets/clientlib/steamnetworkingsockets_snp.h"},"signature_type":"Line","signature_version":"v1","source":"https://github.com/valvesoftware/gamenetworkingsockets/commit/e0c86dcb9139771db3db0cfdb1fb8bef0af19c43","digest":{"threshold":0.9,"line_hashes":["251576948566354160204301319531849004658","188415917409287245371210503852734197235","296189490786401413231639520329270973772","238557999710553613560904026510566949028","95661933897496180359693539113790153794","297387830692904648968887767366597642298","310748609815854624451707620010794067851","2944924521723733253897263800762691156"]},"id":"CVE-2020-6017-b5b8abe7"}],"vanir_signatures_modified":"2026-04-11T13:53:22Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-6017.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}