VYPR
Unrated severityNVD Advisory· Published Jan 20, 2025· Updated Jan 21, 2025

Sunshine improperly enforces pairing protocol request order

CVE-2024-51738

Description

Sunshine is a self-hosted game stream host for Moonlight. In 0.23.1 and earlier, Sunshine's pairing protocol implementation does not validate request order and is thereby vulnerable to a MITM attack, potentially allowing an unauthenticated attacker to pair a client by hijacking a legitimate pairing attempt. This bug may also be used by a remote attacker to crash Sunshine. This vulnerability is fixed in 2025.118.151840.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Lizardbyte/Sunshinellm-fuzzy2 versions
    <=0.23.1+ 1 more
    • (no CPE)range: <=0.23.1
    • (no CPE)range: < 2025.118.151840

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.