PT-2025-2912 · Sunshine · Sunshine
Mcdcam · Published 2025-01-20 · Updated 2025-01-20 · CVE-2024-51738
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Sunshine versions 0.23.1 and earlier
Description
Sunshine is a self-hosted game stream host for Moonlight. The pairing protocol implementation does not validate request order, making it vulnerable to a MITM attack. This potentially allows an unauthenticated attacker to pair a client by hijacking a legitimate pairing attempt. A remote attacker may also use this bug to crash Sunshine.
Recommendations
For Sunshine versions 0.23.1 and earlier, update to version 2025.118.151840 or later to resolve the issue. As a temporary workaround, consider restricting access to the pairing protocol to minimize the risk of exploitation.
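The class of check the description says was missing, request-order validation per pairing attempt, is sketched below as an added example; it is not Sunshine's code or its actual fix. The phase names, `PairingTable` and the client-id key are hypothetical, since the advisory does not list the real pairing steps.

```cpp
#include <cstdio>
#include <map>
#include <string>

// Hypothetical phase names (assumption): the advisory does not name the steps.
enum class Phase { GetCert, ClientChallenge, ServerResponse, ClientSecret };
enum class Result { Ok, Paired, UnknownSession, OutOfOrder };

struct PairSession {
    Phase next = Phase::ClientChallenge;  // step expected after GetCert
};

class PairingTable {
    std::map<std::string, PairSession> sessions_;  // keyed by client id
public:
    Result handle(const std::string &client, Phase requested) {
        if (requested == Phase::GetCert) {
            // The first step always starts a fresh attempt and drops stale state.
            sessions_[client] = PairSession{};
            return Result::Ok;
        }
        auto it = sessions_.find(client);
        if (it == sessions_.end()) {
            // Later step with no session: reject instead of touching absent
            // state (the crash the advisory classifies as a NULL dereference).
            return Result::UnknownSession;
        }
        if (requested != it->second.next) {
            sessions_.erase(it);  // abort the whole attempt, force a restart
            return Result::OutOfOrder;
        }
        if (requested == Phase::ClientSecret) {
            sessions_.erase(it);  // final step: attempt is complete
            return Result::Paired;
        }
        it->second.next = static_cast<Phase>(static_cast<int>(requested) + 1);
        return Result::Ok;
    }
    bool has_session(const std::string &client) const {
        return sessions_.count(client) != 0;
    }
};

int main() {
    PairingTable table;
    table.handle("client-a", Phase::GetCert);  // constructed client id
    Result r = table.handle("client-a", Phase::ClientSecret);  // skips two steps
    std::printf("skipped steps rejected: %s\n", r == Result::OutOfOrder ? "yes" : "no");
    return 0;
}
```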
Exploit
Fix
NULL Pointer Dereference
Affected Products
Sunshine