CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
72.4%
The Nintendo NetworkBuffer class, as used in Animal Crossing: New Horizons before 2.0.6 and other products, allows remote attackers to execute arbitrary code via a large UDP packet that causes a buffer overflow, aka ENLBufferPwn. The victim must join a game session with the attacker. Other affected products include Mario Kart 7 before 1.2, Mario Kart 8, Mario Kart 8 Deluxe before 2.1.0, ARMS before 5.4.1, Splatoon, Splatoon 2 before 5.5.1, Splatoon 3 before late 2022, Super Mario Maker 2 before 3.0.2, and Nintendo Switch Sports before late 2022.
Vendor | Product | Version | CPE |
---|---|---|---|
nintendo | animal_crossing\ | _new_horizons | cpe:2.3:a:nintendo:animal_crossing\:_new_horizons:*:*:*:*:*:*:*:* |
nintendo | arms | * | cpe:2.3:a:nintendo:arms:*:*:*:*:*:*:*:* |
nintendo | mario_kart_7 | * | cpe:2.3:a:nintendo:mario_kart_7:*:*:*:*:*:*:*:* |
nintendo | mario_kart_8 | * | cpe:2.3:a:nintendo:mario_kart_8:*:*:*:*:deluxe:*:*:* |
nintendo | mario_kart_8 | - | cpe:2.3:a:nintendo:mario_kart_8:-:*:*:*:-:*:*:* |
nintendo | splatoon | * | cpe:2.3:a:nintendo:splatoon:*:*:*:*:*:*:*:* |
nintendo | splatoon_2 | * | cpe:2.3:a:nintendo:splatoon_2:*:*:*:*:*:*:*:* |
nintendo | splatoon_3 | * | cpe:2.3:a:nintendo:splatoon_3:*:*:*:*:*:*:*:* |
nintendo | super_mario_maker_2 | * | cpe:2.3:a:nintendo:super_mario_maker_2:*:*:*:*:*:*:*:* |
nintendo | switch_sports | * | cpe:2.3:a:nintendo:switch_sports:*:*:*:*:*:*:*:* |