Vulnerabilities > CVE-2022-24125 - Unspecified vulnerability in Fromsoftware Dark Souls III

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

fromsoftware

NVD

Published: 2022-03-20

Updated: 2024-11-21

Summary

The matchmaking servers of Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allow remote attackers to send arbitrary push requests to clients via a RequestSendMessageToPlayers request. For example, ability to send a push message to hundreds of thousands of machines is only restricted on the client side, and can thus be bypassed with a modified client.

Vulnerable Configurations

Part	Description	Count
Application	Fromsoftware Fromsoftware Dark Souls III -	1

References

https://fromsoftware.jp
https://fromsoftware.jp
https://github.com/tremwil/ds3-nrssr-rce
https://github.com/tremwil/ds3-nrssr-rce