CVE-2022-24126
Published: 20 March 2022
Summary
CVE-2022-24126 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in FromSoftware Dark Souls III. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 5.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
A buffer overflow vulnerability exists in the NRSessionSearchResult parser within Bandai Namco FromSoftware Dark Souls III versions through March 19, 2022. The flaw, tracked as CVE-2022-24126 and assigned CWE-787, carries a CVSS v3.1 score of 9.8 and stems from improper bounds checking during processing of session search results.
Remote attackers with no authentication or user interaction required can exploit the issue over the network by interacting with the game's matchmaking servers, achieving arbitrary code execution on affected clients. This represents a distinct flaw from the earlier CVE-2021-34170 in the same title.
Public references point to the vendor site at fromsoftware.jp and a GitHub repository containing related technical details at github.com/tremwil/ds3-nrssr-rce, though no explicit patch or mitigation guidance is detailed in the available references. The associated EPSS score has remained flat at 0.1451 with no material increase observed since disclosure.
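The analysis above attributes the flaw to improper bounds checking while parsing session search results. As an added illustration (not code from the page, from FromSoftware, or from the referenced repository), the following C parser shows the defensive pattern that prevents this CWE-787 class of bug: every length field read from the network is validated against both the remaining input and the destination buffer before any write. The record layout (a u16 entry count, then per entry a u16 id, a u8 name length and the name bytes) is invented for this example and is not the real NRSessionSearchResult format; the sample messages are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MAX_NAME 32

/* Hypothetical parsed entry; the real game structure is not on the page. */
typedef struct {
    uint16_t session_id;
    char name[MAX_NAME];   /* NUL-terminated, so at most MAX_NAME-1 name bytes */
} session_entry_t;

/* Parse a hypothetical little-endian message:
 *   u16 count, then count x { u16 id, u8 name_len, name_len bytes }.
 * Returns the number of entries written to out, or -1 if the message is
 * malformed. No byte is written to out unless the whole entry fits. */
int parse_session_results(const uint8_t *buf, size_t len,
                          session_entry_t *out, size_t max_out)
{
    if (buf == NULL || out == NULL || len < 2)
        return -1;

    uint16_t count = (uint16_t)(buf[0] | (buf[1] << 8));
    size_t pos = 2;

    /* A server-supplied count must never exceed the caller's array. */
    if (count > max_out)
        return -1;

    for (size_t i = 0; i < count; i++) {
        /* Entry header (id + name_len) must fit in what is left of the input. */
        if (len - pos < 3)
            return -1;
        uint16_t id = (uint16_t)(buf[pos] | (buf[pos + 1] << 8));
        uint8_t name_len = buf[pos + 2];
        pos += 3;

        /* Untrusted length checked against the destination (leave room for NUL)
         * and against the remaining input before the copy. */
        if (name_len >= MAX_NAME)
            return -1;
        if (len - pos < name_len)
            return -1;

        out[i].session_id = id;
        memcpy(out[i].name, buf + pos, name_len);
        out[i].name[name_len] = '\0';
        pos += name_len;
    }
    return (int)count;
}

/* Constructed sample messages. */
static const uint8_t sample_valid[]     = {1, 0,  2, 1,   3, 'a', 'b', 'c'};
static const uint8_t sample_oversized[] = {1, 0,  2, 1, 200, 'a', 'b', 'c'}; /* name_len 200 */
static const uint8_t sample_truncated[] = {2, 0,  2, 1,   3, 'a', 'b', 'c'}; /* claims 2 entries */

int example_valid(void)
{
    session_entry_t out[4];
    int n = parse_session_results(sample_valid, sizeof sample_valid, out, 4);
    if (n != 1 || out[0].session_id != 0x0102 || strcmp(out[0].name, "abc") != 0)
        return -1;
    return n;
}

int example_oversized_len(void)
{
    session_entry_t out[4];
    return parse_session_results(sample_oversized, sizeof sample_oversized, out, 4);
}

int example_truncated(void)
{
    session_entry_t out[4];
    return parse_session_results(sample_truncated, sizeof sample_truncated, out, 4);
}

int main(void)
{
    printf("valid: %d, oversized: %d, truncated: %d\n",
           example_valid(), example_oversized_len(), example_truncated());
    return 0;
}
```

The two rejected samples are the cases that matter for this bug class: a length field larger than the fixed-size destination, and a count that promises more data than the message carries. Returning an error before any copy, rather than truncating or trusting the field, is what keeps such a parser from ever writing out of bounds.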
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-29037
Vulnerability details
A buffer overflow in the NRSessionSearchResult parser in Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allows remote attackers to execute arbitrary code via matchmaking servers, a different vulnerability than CVE-2021-34170.
- CWE(s): CWE-787 (Out-of-bounds Write)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Out-of-bounds writes that corrupt control flow or inject shellcode are blunted by memory protections that render injected code non-executable.