2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2022-47949" ,
"sourceIdentifier" : "cve@mitre.org" ,
"published" : "2022-12-24T23:15:09.010" ,
2025-04-14 20:03:53 +00:00
"lastModified" : "2025-04-14T19:15:33.247" ,
2024-12-08 03:06:42 +00:00
"vulnStatus" : "Modified" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "The Nintendo NetworkBuffer class, as used in Animal Crossing: New Horizons before 2.0.6 and other products, allows remote attackers to execute arbitrary code via a large UDP packet that causes a buffer overflow, aka ENLBufferPwn. The victim must join a game session with the attacker. Other affected products include Mario Kart 7 before 1.2, Mario Kart 8, Mario Kart 8 Deluxe before 2.1.0, ARMS before 5.4.1, Splatoon, Splatoon 2 before 5.5.1, Splatoon 3 before late 2022, Super Mario Maker 2 before 3.0.2, and Nintendo Switch Sports before late 2022."
2024-04-04 08:46:00 +00:00
} ,
{
"lang" : "es" ,
"value" : "La clase Nintendo NetworkBuffer, tal como se usa en Animal Crossing: New Horizons anterior a 2.0.6 y otros productos, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un gran paquete UDP que provoca un desbordamiento del b\u00fafer, tambi\u00e9n conocido como ENLBufferPwn. La v\u00edctima deber\u00e1 unirse a una sesi\u00f3n de juego con el atacante. Otros productos afectados incluyen Mario Kart 7 antes de 1.2, Mario Kart 8, Mario Kart 8 Deluxe antes de 2.1.0, ARMS antes de 5.4.1, Splatoon, Splatoon 2 antes de 5.5.1, Splatoon 3 antes de finales de 2022, Super Mario Maker 2 antes de 3.0 .2 y Nintendo Switch Sports antes de finales de 2022."
2023-04-24 12:24:31 +02:00
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
2024-12-08 03:06:42 +00:00
"source" : "cve@mitre.org" ,
"type" : "Secondary" ,
2023-04-24 12:24:31 +02:00
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 9.8 ,
"baseSeverity" : "CRITICAL" ,
2023-04-24 12:24:31 +02:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "HIGH"
2023-04-24 12:24:31 +02:00
} ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 5.9
} ,
{
2024-12-08 03:06:42 +00:00
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
2023-04-24 12:24:31 +02:00
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 9.8 ,
"baseSeverity" : "CRITICAL" ,
2023-04-24 12:24:31 +02:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "HIGH"
2023-04-24 12:24:31 +02:00
} ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 5.9
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
2025-04-14 20:03:53 +00:00
"lang" : "en" ,
"value" : "CWE-120"
}
]
} ,
{
"source" : "134c704f-9b21-4f2e-91b3-4a467353bcc0" ,
"type" : "Secondary" ,
"description" : [
{
2023-04-24 12:24:31 +02:00
"lang" : "en" ,
"value" : "CWE-120"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:nintendo:animal_crossing\\:_new_horizons:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "2.0.6" ,
"matchCriteriaId" : "5E76851C-D70A-4134-B250-78B99985B211"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:nintendo:arms:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "5.4.1" ,
"matchCriteriaId" : "A72CE5AE-CF5F-4C5B-8D68-A9FB5ADD0865"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:nintendo:mario_kart_7:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "1.2" ,
"matchCriteriaId" : "B4666B65-0A4C-4B28-A46E-1968E75CDECC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:nintendo:mario_kart_8:*:*:*:*:deluxe:*:*:*" ,
"versionEndExcluding" : "2.1.0" ,
"matchCriteriaId" : "38F8B32D-954B-462D-993B-26B87A7C7F5A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:nintendo:mario_kart_8:-:*:*:*:-:*:*:*" ,
"matchCriteriaId" : "19EA5E13-D11B-4573-B089-331124B7B698"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:nintendo:splatoon:*:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7BC0FC2B-E2B4-4652-AED5-4481DE5F3A4C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:nintendo:splatoon_2:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "5.5.1" ,
"matchCriteriaId" : "B039788D-56ED-4309-A374-D11680FAAFD4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:nintendo:splatoon_3:*:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "76E2F213-1EB5-4781-9955-D45556F093E6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:nintendo:super_mario_maker_2:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "3.0.2" ,
"matchCriteriaId" : "736316DF-6291-4310-8FB5-F346F4DE2A7E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:nintendo:switch_sports:*:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "55E863A6-6B3B-42C0-B70D-97D13EB23630"
}
]
}
]
}
] ,
"references" : [
{
"url" : "https://github.com/PabloMK7/ENLBufferPwn" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Exploit" ,
"Third Party Advisory"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://github.com/PabloMK7/ENLBufferPwn" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Exploit" ,
"Third Party Advisory"
]
2023-04-24 12:24:31 +02:00
}
]
}
