CVE-2023-35856

Published: Jun 19, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A buffer overflow in Nintendo Mario Kart Wii RMCP01, RMCE01, RMCJ01, and RMCK01 can be exploited by a game client to execute arbitrary code on a client's machine via a crafted packet.

Affected (4)

Products: Nintendo: Mario Kart Wii

Nintendo

1 product

Mario Kart Wii

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Nintendo Mario Kart Wii	Version rmce01
Nintendo Mario Kart Wii	Version rmcj01
Nintendo Mario Kart Wii	Version rmck01
Nintendo Mario Kart Wii	Version rmcp01

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://github.com/MikeIsAStar/Mario-Kart-Wii-Remote-Code-Execution

Source: cve@mitre.org

Exploit

https://github.com/MikeIsAStar/Mario-Kart-Wii-Remote-Code-Execution

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.