We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-31226

Sunshine's unquoted executable path could lead to hijacked execution flow



Description

Sunshine is a self-hosted game stream host for Moonlight. Users who ran Sunshine versions 0.17.0 through 0.22.2 as a service on Windows may be impacted when terminating the service if an attacked placed a file named `C:\Program.exe`, `C:\Program.bat`, or `C:\Program.cmd` on the user's computer. This attack vector isn't exploitable unless the user has manually loosened ACLs on the system drive. If the user's system locale is not English, then the name of the executable will likely vary. Version 0.23.0 contains a patch for the issue. Some workarounds are available. One may identify and block potentially malicious software executed path interception by using application control tools, like Windows Defender Application Control, AppLocker, or Software Restriction Policies where appropriate. Alternatively, ensure that proper permissions and directory access control are set to deny users the ability to write files to the top-level directory `C:`. Require that all executables be placed in write-protected directories.

Reserved 2024-03-29 | Published 2024-05-16 | Updated 2024-08-15 | Assigner GitHub_M


MEDIUM: 4.9CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H

Problem types

CWE-428: Unquoted Search Path or Element

Product status

>= 0.17.0, < 0.23.0
affected

References

github.com/...nshine/security/advisories/GHSA-r3rw-mx4q-7vfp

github.com/LizardByte/Sunshine/pull/2379

github.com/...ommit/93e622342c4f3e9b34f5f265039b6775b8e33a7a

cve.org (CVE-2024-31226)

nvd.nist.gov (CVE-2024-31226)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-31226

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.