QwikSec

Security Database

CVE

CWE

Training

CVE-2024-51738

Published: Jan 20, 2025

Modified: Jan 21, 2025

PUBLISHED

Description

Sunshine is a self-hosted game stream host for Moonlight. In 0.23.1 and earlier, Sunshine's pairing protocol implementation does not validate request order and is thereby vulnerable to a MITM attack, potentially allowing an unauthenticated attacker to pair a client by hijacking a legitimate pairing attempt. This bug may also be used by a remote attacker to crash Sunshine. This vulnerability is fixed in 2025.118.151840.

Vendor	Product	Versions
LizardByte	Sunshine	affected `< 2025.118.151840`

Weaknesses (CWE)

References

https://github.com/LizardByte/Sunshine/security/advisories/GHSA-3hrw-xv8h-9499

x_refsource_CONFIRM

https://github.com/LizardByte/Sunshine/commit/89f097ae65277d42b5d40163d09d92e412e6d7dd

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.