Critical flaws in a core networking library powering Valve’s online gaming functionality could have allowed malicious actors to remotely crash games and even take control over affected 3rd-party game servers.
“An attacker could remotely crash an opponent’s game client to force a win or even perform a ‘nuclear rage quit’ and crash the Valve game server to end the game completely,” Check Point Research’s Eyal Itkin noted in an analysis published today. “Potentially even more damaging, attackers could remotely take over third-party developer game servers to execute arbitrary code.”
Valve is a popular US-based video game developer and publisher behind the game software distribution platform Steam and several titles such as Half-Life, Counter-Strike, Portal, Day of Defeat, Team Fortress, Left 4 Dead, and Dota.
The four flaws (CVE-2020-6016 through CVE-2020-6019) were uncovered in Valve’s Game Networking Sockets (GNS) or Steam Sockets library, an open-sourced networking library that provides a “basic transport layer for games,” enabling a mix of UDP and TCP features with support for encryption, greater reliability, and peer-to-peer (P2P) communications.
Steam Sockets is also offered…