Lucene search

MitreCVE-2022-47949

HistoryDec 24, 2022 - 11:15 p.m.

CVE-2022-47949

2022-12-2423:15:09

CWE-120

mitre

web.nvd.nist.gov

nintendo

networkbuffer

enlbufferpwn

udp

security vulnerability

cve-2022-47949

animal crossing

mario kart

splatoon

super mario maker

nintendo switch sports

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.004

Percentile

72.4%

JSON

The Nintendo NetworkBuffer class, as used in Animal Crossing: New Horizons before 2.0.6 and other products, allows remote attackers to execute arbitrary code via a large UDP packet that causes a buffer overflow, aka ENLBufferPwn. The victim must join a game session with the attacker. Other affected products include Mario Kart 7 before 1.2, Mario Kart 8, Mario Kart 8 Deluxe before 2.1.0, ARMS before 5.4.1, Splatoon, Splatoon 2 before 5.5.1, Splatoon 3 before late 2022, Super Mario Maker 2 before 3.0.2, and Nintendo Switch Sports before late 2022.

Affected configurations

Nvd

Node

nintendoanimal_crossing\Match_new_horizons

nintendoarmsRange<5.4.1

nintendomario_kart_7Range<1.2

nintendomario_kart_8Range<2.1.0deluxe

nintendomario_kart_8Match--

nintendosplatoon

nintendosplatoon_2Range<5.5.1

nintendosplatoon_3

nintendosuper_mario_maker_2Range<3.0.2

nintendoswitch_sports

VendorProductVersionCPE
nintendoanimal_crossing\_new_horizonscpe:2.3:a:nintendo:animal_crossing\:_new_horizons:*:*:*:*:*:*:*:*
nintendoarms*cpe:2.3:a:nintendo:arms:*:*:*:*:*:*:*:*
nintendomario_kart_7*cpe:2.3:a:nintendo:mario_kart_7:*:*:*:*:*:*:*:*
nintendomario_kart_8*cpe:2.3:a:nintendo:mario_kart_8:*:*:*:*:deluxe:*:*:*
nintendomario_kart_8-cpe:2.3:a:nintendo:mario_kart_8:-:*:*:*:-:*:*:*
nintendosplatoon*cpe:2.3:a:nintendo:splatoon:*:*:*:*:*:*:*:*
nintendosplatoon_2*cpe:2.3:a:nintendo:splatoon_2:*:*:*:*:*:*:*:*
nintendosplatoon_3*cpe:2.3:a:nintendo:splatoon_3:*:*:*:*:*:*:*:*
nintendosuper_mario_maker_2*cpe:2.3:a:nintendo:super_mario_maker_2:*:*:*:*:*:*:*:*
nintendoswitch_sports*cpe:2.3:a:nintendo:switch_sports:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nintendo	animal_crossing\	_new_horizons	cpe:2.3:a:nintendo:animal_crossing\:_new_horizons::::::::
nintendo	arms	*	cpe:2.3:a:nintendo:arms::::::::
nintendo	mario_kart_7	*	cpe:2.3:a:nintendo:mario_kart_7::::::::
nintendo	mario_kart_8	*	cpe:2.3:a:nintendo:mario_kart_8:::::deluxe:::*
nintendo	mario_kart_8	-	cpe:2.3:a:nintendo:mario_kart_8:-::::-:::
nintendo	splatoon	*	cpe:2.3:a:nintendo:splatoon::::::::
nintendo	splatoon_2	*	cpe:2.3:a:nintendo:splatoon_2::::::::
nintendo	splatoon_3	*	cpe:2.3:a:nintendo:splatoon_3::::::::
nintendo	super_mario_maker_2	*	cpe:2.3:a:nintendo:super_mario_maker_2::::::::
nintendo	switch_sports	*	cpe:2.3:a:nintendo:switch_sports::::::::

References

github.com/PabloMK7/ENLBufferPwn

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.004

Percentile

72.4%

JSON

Related for CVE-2022-47949