Unrated severityNVD Advisory· Published Jan 20, 2025· Updated Jan 21, 2025
Sunshine improperly enforces pairing protocol request order
CVE-2024-51738
Description
Sunshine is a self-hosted game stream host for Moonlight. In 0.23.1 and earlier, Sunshine's pairing protocol implementation does not validate request order and is thereby vulnerable to a MITM attack, potentially allowing an unauthenticated attacker to pair a client by hijacking a legitimate pairing attempt. This bug may also be used by a remote attacker to crash Sunshine. This vulnerability is fixed in 2025.118.151840.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=0.23.1+ 1 more
- (no CPE)range: <=0.23.1
- (no CPE)range: < 2025.118.151840
Patches
Vulnerability mechanics
References
2- github.com/LizardByte/Sunshine/commit/89f097ae65277d42b5d40163d09d92e412e6d7ddmitrex_refsource_MISC
- github.com/LizardByte/Sunshine/security/advisories/GHSA-3hrw-xv8h-9499mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.