CVE-2022-47949

Published: Dic 24, 2022 Last Modified: Apr 14, 2025

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 9,8

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

The Nintendo NetworkBuffer class, as used in Animal Crossing: New Horizons before 2.0.6 and other products, allows remote attackers to execute arbitrary code via a large UDP packet that causes a buffer overflow, aka ENLBufferPwn. The victim must join a game session with the attacker. Other affected products include Mario Kart 7 before 1.2, Mario Kart 8, Mario Kart 8 Deluxe before 2.1.0, ARMS before 5.4.1, Splatoon, Splatoon 2 before 5.5.1, Splatoon 3 before late 2022, Super Mario Maker 2 before 3.0.2, and Nintendo Switch Sports before late 2022.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,5203

Percentile

1,0th

Updated

EPSS Score Trend (Last 91 Days)

120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability

Potential Impacts:

Modify Memory Execute Unauthorized Code Or Commands Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu)

Applicable Platforms

Languages: Assembly, C, C++, Memory-Unsafe

Likelihood of Exploit: High

View CWE Details

Application

Mario Kart 8 by Nintendo

Product Information

Vendor Nintendo

Product Mario Kart 8

Version -

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:nintendo:mario_kart_8:-:*:*:*:-:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Mario Kart 8 by Nintendo

Product Information

Vendor Nintendo

Product Mario Kart 8

Version Range Affected

To 2.1.0 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:nintendo:mario_kart_8:*:*:*:*:deluxe:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Switch Sports by Nintendo

Product Information

Vendor Nintendo

Product Switch Sports

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:nintendo:switch_sports:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Animal Crossing\ by Nintendo

Product Information

Vendor Nintendo

Product Animal Crossing\

Version _new_horizons

Version Range Affected

To 2.0.6 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:nintendo:animal_crossing\:_new_horizons:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Super Mario Maker 2 by Nintendo

Product Information

Vendor Nintendo

Product Super Mario Maker 2

Version Range Affected

To 3.0.2 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:nintendo:super_mario_maker_2:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Splatoon 3 by Nintendo

Product Information

Vendor Nintendo

Product Splatoon 3

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:nintendo:splatoon_3:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Splatoon by Nintendo

Product Information

Vendor Nintendo

Product Splatoon

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:nintendo:splatoon:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Arms by Nintendo

Product Information

Vendor Nintendo

Product Arms

Version Range Affected

To 5.4.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:nintendo:arms:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Splatoon 2 by Nintendo

Product Information

Vendor Nintendo

Product Splatoon 2

Version Range Affected

To 5.5.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:nintendo:splatoon_2:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Mario Kart 7 by Nintendo

Product Information

Vendor Nintendo

Product Mario Kart 7

Version Range Affected

To 1.2 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:nintendo:mario_kart_7:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://github.com/PabloMK7/ENLBufferPwn

Exploit Third Party Advisory

https://github.com/PabloMK7/ENLBufferPwn

Exploit Third Party Advisory

https://github.com/PabloMK7/ENLBufferPwn

CVE-2022-47949

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 91 Days)

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Common Consequences

Applicable Platforms

Mario Kart 8 by Nintendo

Product Information

Mario Kart 8 by Nintendo

Product Information

Switch Sports by Nintendo

Product Information

Animal Crossing\ by Nintendo

Product Information

Super Mario Maker 2 by Nintendo

Product Information

Splatoon 3 by Nintendo

Product Information

Splatoon by Nintendo

Product Information

Arms by Nintendo

Product Information

Splatoon 2 by Nintendo

Product Information

Mario Kart 7 by Nintendo

Product Information

Iscriviti alla newsletter