CVEs-PoC/2020/CVE-2020-6019.md

### [CVE-2020-6019](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6019)
![](https://img.shields.io/static/v1?label=Product&message=Game%20Networking%20Sockets&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-248%3A%20Uncaught%20Exception&color=brighgreen)

### Description

Valve's Game Networking Sockets prior to version v1.2.0 improperly handles inlined statistics messages in function CConnectionTransportUDPBase::Received_Data(), leading to an exception thrown from libprotobuf and resulting in a crash.

### POC

#### Reference
- https://github.com/ValveSoftware/GameNetworkingSockets/commit/d944a10808891d202bb1d5e1998de6e0423af678

#### Github
- https://github.com/EdgeSecurityTeam/Vulnerability
- https://github.com/Live-Hack-CVE/CVE-2020-6019
- https://github.com/tzwlhack/Vulnerability