CVE-2022-47949

Name of the Vulnerable Software and Affected Versions Animal Crossing: New Horizons versions prior to 2.0.6 Mario Kart 7 versions prior to 1.2 Mario Kart 8 Deluxe versions prior to 2.1.0 ARMS versions prior to 5.4.1 Splatoon 2 versions prior to 5.5.1 Splatoon 3 versions prior to late 2022 Super Mario Maker 2 versions prior to 3.0.2 Nintendo Switch Sports versions prior to late 2022 Mario Kart 8 (affected versions not specified) Splatoon (affected versions not specified)

Description The Nintendo NetworkBuffer class allows remote attackers to execute arbitrary code via a large UDP packet that causes a buffer overflow. The victim must join a game session with the attacker.

Recommendations For Animal Crossing: New Horizons versions prior to 2.0.6, update to version 2.0.6 or later. For Mario Kart 7 versions prior to 1.2, update to version 1.2 or later. For Mario Kart 8 Deluxe versions prior to 2.1.0, update to version 2.1.0 or later. For ARMS versions prior to 5.4.1, update to version 5.4.1 or later. For Splatoon 2 versions prior to 5.5.1, update to version 5.5.1 or later. For Splatoon 3 versions prior to late 2022, update to a version released after late 2022. For Super Mario Maker 2 versions prior to 3.0.2, update to version 3.0.2 or later. For Nintendo Switch Sports versions prior to late 2022, update to a version released after late 2022. For Mario Kart 8 and Splatoon, at the moment, there is no information about a newer version that contains a fix for this vulnerability.