Hacking with Steam vulnerabilities

Valve, a video game development company, has fixed four critical flaws in Steam, its popular online video game platform. If exploited, these vulnerabilities would allow remote threat actors to block rivals' game clients, take control of their devices, and take control of any computer connected to a third-party server.

Steam is a video game service used by more than 25 million users, offering popular titles such as Counter-Strike: Global Offensive, Dota 2 and Half-Life.

The flaws, revealed last Thursday, reside in Steam Sockets, Steam’s network library. This library is part of a set of tools designed for developers.

The flaws were reported to Valve last September, so the company was able to implement the necessary fixes as soon as possible. Experts mentioned that, to apply the security patches, Steam users had to install the update before releasing a game.

The first two flaws, tracked as CVE-2020-6016 and CVE-2020-6017, received a score of 9.8/10 on the Common Vulnerability Scoring System (CVSS) scale, while the remaining two flaws received scores of 7.5/10.

  • CVE-2020-6016 exists because Steam Sockets incorrectly manages “untrusted segments” in the SNP_ReceiveUnreliableSegment() function. This can lead to a heap-based buffer overflow, experts mention.
  • CVE-2020-6017 exists because SNP_ReceiveUnreliableSegment() incorrectly handles untrusted long segments when configured to support plain text messages, leading to a heap-based buffer overflow.
  • CVE-2020-6018 exists due to inadequate handling of long encrypted messages in the AES_GCM_DecryptContext::Decrypt() function, leading to a stack-based buffer overflow.
  • CVE-2020-6019 exists because CConnectionTransportUDPBase::Received_Data() incorrectly handles online statistical messages.
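The article does not show the affected code. As an added illustration of the bug class behind the first two entries (a reassembly routine copying untrusted segments into a heap buffer), the C sketch below shows the bounds checks such a routine needs. It is not Valve's code: every name, the segment layout and the MAX_MESSAGE_SIZE cap are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_MESSAGE_SIZE 4096u  /* assumed cap on a reassembled message */

/* Hypothetical reassembly state for one fragmented message. */
typedef struct {
    uint8_t *buf;      /* heap buffer for the reassembled message */
    size_t   cap;      /* bytes allocated in buf */
    size_t   received; /* highest byte offset written so far */
} reassembly_t;

/* Allocate state for a message whose total size the peer declared. */
int reassembly_init(reassembly_t *r, size_t declared_total)
{
    if (declared_total == 0 || declared_total > MAX_MESSAGE_SIZE)
        return -1;                 /* refuse untrusted oversize claims */
    r->buf = calloc(1, declared_total);
    if (r->buf == NULL)
        return -1;
    r->cap = declared_total;
    r->received = 0;
    return 0;
}

/* Copy one segment; offset and len come from the network and are untrusted. */
int reassembly_add_segment(reassembly_t *r, size_t offset,
                           const uint8_t *data, size_t len)
{
    if (r->buf == NULL || data == NULL)
        return -1;
    /* Written as a subtraction so that offset + len cannot wrap around. */
    if (offset > r->cap || len > r->cap - offset)
        return -1;                 /* segment would overrun the heap buffer */
    memcpy(r->buf + offset, data, len);
    if (offset + len > r->received)
        r->received = offset + len;
    return 0;
}

void reassembly_free(reassembly_t *r)
{
    free(r->buf);
    r->buf = NULL;
    r->cap = r->received = 0;
}
```

A naive `offset + len > cap` comparison can wrap for very large offsets and let the copy through, which is why the check is expressed as `len > cap - offset` after first bounding `offset`.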

Threat actors would need to be connected to a target server to exploit the vulnerabilities. The exploit is then launched by sending malicious packets to the targeted users; a successful attack requires no interaction from them.

Researchers recommend that Valve users make sure to install all updates released by the company, as a non-updated system is highly vulnerable to this attack variant.