Description
The matchmaking servers of Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allow remote attackers to send arbitrary push requests to clients via a RequestSendMessageToPlayers request. For example, ability to send a push message to hundreds of thousands of machines is only restricted on the client side, and can thus be bypassed with a modified client.
Exploits (1)
References (2)
Core 2
Core References
Product x_refsource_misc
https://fromsoftware.jp
Exploit, Third Party Advisory x_refsource_misc
https://github.com/tremwil/ds3-nrssr-rce
Scores
CVSS v3
8.8
EPSS
0.0909
EPSS Percentile
92.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (1)
fromsoftware/dark_souls_iii
< 2022-03-19
Published
Mar 20, 2022
Tracked Since
Feb 18, 2026