How severe is CVE-2020-6016?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2020-6016?

This is classified as CWE-590, which is a common weakness in software security.

CVE-2020-6016

CRITICAL Year: 2020

CVSS v3 Score

9.8

Critical

CVSS v2 Score

10.0

Critical

Weakness Type

CWE-590

View all →

Vulnerability Description

Valve's Game Networking Sockets prior to version v1.2.0 improperly handles unreliable segments with negative offsets in function SNP_ReceiveUnreliableSegment(), leading to a Heap-Based Buffer Underflow and a free() of memory not from the heap, resulting in a memory corruption and probably even a remote code execution.

CVE-2021-42377

CRITICAL

CVSS:9.8(Critical)

An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string...

CWE-5902021

CVE-2022-31627

CRITICAL

CVSS:9.8(Critical)

In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated...

CWE-5902022

CVE-2025-32911

CRITICAL

CVSS:9.0(Critical)

A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the lib...

CWE-5902025

CVE-2022-31625

HIGH

CVSS:8.1(High)

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting...

CWE-5902022