CVE-2022-47949
Severity CVSS v4.0:
Pending analysis
Type:
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Publication date:
24/12/2022
Last modified:
06/01/2023
Description
The Nintendo NetworkBuffer class, as used in Animal Crossing: New Horizons before 2.0.6 and other products, allows remote attackers to execute arbitrary code via a large UDP packet that causes a buffer overflow, aka ENLBufferPwn. The victim must join a game session with the attacker. Other affected products include Mario Kart 7 before 1.2, Mario Kart 8, Mario Kart 8 Deluxe before 2.1.0, ARMS before 5.4.1, Splatoon, Splatoon 2 before 5.5.1, Splatoon 3 before late 2022, Super Mario Maker 2 before 3.0.2, and Nintendo Switch Sports before late 2022.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:nintendo:animal_crossing\:_new_horizons:*:*:*:*:*:*:*:* | 2.0.6 (excluding) | |
| cpe:2.3:a:nintendo:arms:*:*:*:*:*:*:*:* | 5.4.1 (excluding) | |
| cpe:2.3:a:nintendo:mario_kart_7:*:*:*:*:*:*:*:* | 1.2 (excluding) | |
| cpe:2.3:a:nintendo:mario_kart_8:*:*:*:*:deluxe:*:*:* | 2.1.0 (excluding) | |
| cpe:2.3:a:nintendo:mario_kart_8:-:*:*:*:-:*:*:* | ||
| cpe:2.3:a:nintendo:splatoon:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nintendo:splatoon_2:*:*:*:*:*:*:*:* | 5.5.1 (excluding) | |
| cpe:2.3:a:nintendo:splatoon_3:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nintendo:super_mario_maker_2:*:*:*:*:*:*:*:* | 3.0.2 (excluding) | |
| cpe:2.3:a:nintendo:switch_sports:*:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page