CVE ID: CVE-2020-12630, CVE-2020-12631
Type: Denial of Service
Discovered By: Jack Baker
Patch Availability: 2020/05/19
Affected Operating System: All supported platforms
Affected Versions: All
Two out-of-bounds memory issues were identified in the Unity Multiplayer and Networking UNET feature affecting games and applications built with the Unity Editor using UNET. These issues could lead to Denial Of Service (DoS), allowing an attacker to crash the Unity process, and potentially the game or application.
Open a Unity project.
The Unity version is visible in the main window title.
If your version of the Unity Editor is not one of the listed Patch Versions of the Vulnerability Details section above you can continue with the update installation as follows.
To install the update you can use the Unity Editor update checker available in the File menu Help -> Check for Updates.
Additionally, you can download and install the corresponding patch for your version of the Unity Editor. The download links are available in the Patch Versions of the Vulnerability Details section and in the References section.
Once you have updated the Unity Editor, you can move forward with making a new build of your game or application and deploy the new fixed version.