CVE-2024-45200

Name of the Vulnerable Software and Affected Versions Mario Kart 8 Deluxe versions prior to 3.0.3

Description The issue is caused by a stack-based buffer overflow in the LAN/LDN local multiplayer implementation, allowing a remote attacker to exploit it upon deserialization of session information via a malformed browse-reply packet. This can be done when the victim opens the "Wireless Play" (or "LAN Play") menu from the game's title screen, and an attacker nearby or on the same LAN network sends a crafted reply packet to the victim's console. The attacker can obtain complete denial-of-service on the game's process or potentially achieve remote code execution on the victim's console. The problem stems from the incorrect use of the Nintendo Pia library.

Recommendations For Mario Kart 8 Deluxe versions prior to 3.0.3, update to version 3.0.3 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the "Wireless Play" (or "LAN Play") feature until the update is applied. Restrict access to the LAN network to minimize the risk of exploitation. Avoid using the LAN/LDN local multiplayer implementation until the issue is resolved.