Vulnerability DatabaseCVE-2024-51738
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2024-51738
January 20, 2025
Sunshine is a self-hosted game stream host for Moonlight. In 0.23.1 and earlier, Sunshine's pairing protocol implementation does not validate request order and is thereby vulnerable to a MITM attack, potentially allowing an unauthenticated attacker to pair a client by hijacking a legitimate pairing attempt. This bug may also be used by a remote attacker to crash Sunshine. This vulnerability is fixed in 2025.118.151840.
Related Resources (2)
https://github.com/LizardByte/Sunshine/security/advisories/GHSA-3hrw-xv8h-9499
https://github.com/LizardByte/Sunshine/commit/89f097ae65277d42b5d40163d09d92e412e6d7dd
Do you need more information?
Contact Us
CVSS v4
Base Score:
7.7
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
PRESENT
Privileges Required
NONE
User Interaction
PASSIVE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
NULL Pointer Dereference
CWE-476
Authentication Bypass by Primary Weakness
CWE-305
Improper Enforcement of Behavioral Workflow
CWE-841
EPSS
Base Score:
1.84