CVE-2022-47949 Information

Description

The Nintendo NetworkBuffer class as used in Animal Crossing: New Horizons before 2.0.6 and other products allows remote attackers to execute arbitrary code via a large UDP packet that causes a buffer overflow aka ENLBufferPwn. The victim must join a game session with the attacker. Other affected products include Mario Kart 7 before 1.2 Mario Kart 8 Mario Kart 8 Deluxe before 2.1.0 ARMS before 5.4.1 Splatoon Splatoon 2 before 5.5.1 Splatoon 3 before late 2022 Super Mario Maker 2 before 3.0.2 and Nintendo Switch Sports before late 2022.

Reference

https://github.com/PabloMK7/ENLBufferPwn