CVE-2020-6019: Tweak pointer math to avoid possible integer overflow · ValveSoftware/GameNetworkingSockets@d944a10

Valve’s Game Networking Sockets prior to version v1.2.0 improperly handles inlined statistics messages in function CConnectionTransportUDPBase::Received_Data(), leading to an exception thrown from libprotobuf and resulting in a crash.

@@ -840,9 +840,9 @@ void CConnectionTransportUDPBase::Received_Data( const uint8 *pPkt, int cbPkt, S

ReportBadUDPPacketFromConnectionPeer( "DataPacket", “Failed to varint decode size of stats blob” );

return;

}

if ( pIn + cbStatsMsgIn > pPktEnd )

if ( cbStatsMsgIn > pPktEnd - pIn )

{

ReportBadUDPPacketFromConnectionPeer( "DataPacket", "stats message size doesn’t make sense. Stats message size %d, packet size %d", cbStatsMsgIn, cbPkt );

ReportBadUDPPacketFromConnectionPeer( "DataPacket", "stats message size doesn’t make sense. Stats message size %u, packet size %d", cbStatsMsgIn, cbPkt );

return;

}
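
Review bot: The rewritten bound check `cbStatsMsgIn > pPktEnd - pIn` compares a size that the `%d` to `%u` change indicates is unsigned against a signed pointer difference, so it is only correct while `pIn <= pPktEnd` holds at this point, and nothing in the visible lines establishes that. On a target where the pointer difference is no wider than the size type, a negative difference would convert to a large unsigned value and the oversized length would pass the check. Suggest asserting or testing `pIn <= pPktEnd` just before the comparison, or making the conversion explicit once that is guaranteed. A one-line comment that the subtraction form is deliberate would also help, so a later cleanup does not restore `pIn + cbStatsMsgIn > pPktEnd`, which can wrap when the peer-supplied varint size is large.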
