CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long encrypted messages in function AES_GCM_DecryptContext::Decrypt() when compiled using libsodium, leading to a Stack-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution.

• https://github.com/ValveSoftware/GameNetworkingSockets/commit/bea84e2844b647532a9b7fbc3a6a8989d66e49e3
• https://research.checkpoint.com/2020/game-on-finding-vulnerabilities-in-valves-steam-sockets
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
• CWE-787: Out-of-bounds Write

CVSS: 10.0 • EPSS: 1% • CPEs: 1 • EXPL: 1

Valve's Game Networking Sockets prior to version v1.2.0 improperly handles unreliable segments with negative offsets in function SNP_ReceiveUnreliableSegment(), leading to a Heap-Based Buffer Underflow and a free() of memory not from the heap, resulting in a memory corruption and probably even a remote code execution.

• https://github.com/ValveSoftware/GameNetworkingSockets/commit/e0c86dcb9139771db3db0cfdb1fb8bef0af19c43
• https://research.checkpoint.com/2020/game-on-finding-vulnerabilities-in-valves-steam-sockets
• CWE-590: Free of Memory not on the Heap
• CWE-787: Out-of-bounds Write

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

Valve's Game Networking Sockets prior to version v1.2.0 improperly handles inlined statistics messages in function CConnectionTransportUDPBase::Received_Data(), leading to an exception thrown from libprotobuf and resulting in a crash.

• https://github.com/ValveSoftware/GameNetworkingSockets/commit/d944a10808891d202bb1d5e1998de6e0423af678
• https://research.checkpoint.com/2020/game-on-finding-vulnerabilities-in-valves-steam-sockets
• CWE-248: Uncaught Exception

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

An issue was discovered in Valve Steam Client 2.10.91.91. The installer allows local users to gain NT AUTHORITY\SYSTEM privileges because some parts of %PROGRAMFILES(X86)%\Steam and/or %COMMONPROGRAMFILES(X86)%\Steam have weak permissions during a critical time window. An attacker can make this time window arbitrarily long by using opportunistic locks.

• http://daniels-it-blog.blogspot.com/2020/07/steam-arbitrary-code-execution-part-2.html
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

Valve Source allows local users to gain privileges by writing to the /tmp/hl2_relaunch file, which is later executed in the context of a different user account.

• https://www.exploit-db.com/exploits/48387
• https://0xem.ma/cve/2020/04/28/Source-hl2-relaunch-exec.html
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')