Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long encrypted messages in function AESGCMDecryptContext::Decrypt() when compiled using libsodium, leading to a Stack-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution.
[
{
"id": "CVE-2020-6018-702ebceb",
"target": {
"file": "src/common/crypto_libsodium.cpp"
},
"signature_version": "v1",
"source": "https://github.com/valvesoftware/gamenetworkingsockets/commit/bea84e2844b647532a9b7fbc3a6a8989d66e49e3",
"signature_type": "Line",
"digest": {
"line_hashes": [
"52691826167457112983503260961091026559",
"59204750815037251694094423752510544309",
"279076421485059480042245693453961181727",
"88392938568156394113758394813796740600",
"148307562868202614789858736052206955465",
"62974124456999014022672169008229187834",
"39856459862302572172127681122008364988",
"283902811648819916949251177167661882745",
"167214140082607794366283767026040314558",
"154240327021194259080724312047976054",
"17318550766505549032601864229319008504",
"80376689745879336645902742434551085576",
"120477275188369119011041291152099845779",
"330309891247341019875152988578956994517",
"27498847957549980932223577273222385510",
"131492568894440567065655225415270919179",
"123598239998409716657833016213004277998",
"109336286601377474600046040659048862700",
"23305926315217028414810524080729230449",
"46319120820134205357889291891654997610",
"324868010669695469711659417035132498495",
"279362571597481890134149311276467041918"
],
"threshold": 0.9
},
"deprecated": false
},
{
"id": "CVE-2020-6018-cb20f4a0",
"target": {
"function": "AES_GCM_EncryptContext::Encrypt",
"file": "src/common/crypto_libsodium.cpp"
},
"signature_version": "v1",
"source": "https://github.com/valvesoftware/gamenetworkingsockets/commit/bea84e2844b647532a9b7fbc3a6a8989d66e49e3",
"signature_type": "Function",
"digest": {
"function_hash": "252413261951960031412694176005296652096",
"length": 519.0
},
"deprecated": false
},
{
"id": "CVE-2020-6018-ee7d52df",
"target": {
"function": "AES_GCM_DecryptContext::Decrypt",
"file": "src/common/crypto_libsodium.cpp"
},
"signature_version": "v1",
"source": "https://github.com/valvesoftware/gamenetworkingsockets/commit/bea84e2844b647532a9b7fbc3a6a8989d66e49e3",
"signature_type": "Function",
"digest": {
"function_hash": "309241837407405954771850089554763267213",
"length": 531.0
},
"deprecated": false
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-6018.json"
"2026-04-11T13:53:23Z"