Critical flaws in a core networking library powering Valve's online gaming functionality could have allowed malicious actors to remotely crash games and even take control of affected third-party game servers.
"An attacker could remotely crash an opponent's game client to force a win or even perform a 'nuclear rage quit' and crash the Valve game server to end the game completely," Check Point Research's Eyal Itkin noted in an analysis published today. "Potentially even more damaging, attackers could remotely take over third-party developer game servers to execute arbitrary code."
Valve is a popular US-based video game developer and publisher behind the game software distribution platform Steam and several titles such as Half-Life, Counter-Strike, Portal, Day of Defeat, Team Fortress, Left 4 Dead, and Dota.
The four flaws (CVE-2020-6016 through CVE-2020-6019) were uncovered in Valve's Game Networking Sockets (GNS), or Steam Sockets, library, an open-source networking library that provides a "basic transport layer for games," enabling a mix of UDP and TCP features with support for encryption, greater reliability, and peer-to-peer (P2P) communications.
Steam Sockets is also offered as part of the Steamworks SDK for third-party game developers, and the vulnerabilities were found both on Steam servers and on the clients installed on gamers' systems.
The attack hinges on a specific flaw in the packet reassembly mechanism (CVE-2020-6016) combined with a quirk in C++'s implementation of iterators: by sending a bunch of malicious packets to a target game server, an attacker can trigger a heap-based buffer underflow, ultimately causing the server to abort or crash.
Following responsible disclosure to Valve on September 2, 2020, the binary updates containing the fixes were shipped to Valve's game clients and servers on September 17.
But according to Check Point, certain third-party game developers had yet to patch their clients as of December 2.
"Video games have reached an all-time-high during the coronavirus pandemic," Itkin said. "With millions of people currently playing online games, even the slightest security issue can be a serious concern for gaming companies and gamers' privacy. Through the vulnerabilities we found, an attacker could have taken over hundreds of thousands of gamer computers every day, with the victims being completely blind to it."
"Popular online platforms are good harvesting grounds for attackers. Whenever you have millions of users logging into the same place, the power of a strong and reliable exploit raises exponentially."
Check Point said that gamers playing Valve's games through Steam are already protected by the fix, although gamers of third-party games should ensure their game clients have received an update in recent months to mitigate the risk associated with the flaw.