CVE-2022-23603 – CVE-2022-23603 is a code injection vulnerabilit... (How to Fix)

Q: What is the severity of CVE-2022-23603?

CVE-2022-23603 has a CVSS score of 9.9 (CRITICAL). CVE-2022-23603 is a code injection vulnerability in iTunesRPC-Remastered, a Discord rich presence application for iTunes and Apple Music. Attackers can execute arbitrary code by exploiting improper input sanitization. All users running vulnerable versions are affected.

📋 TL;DR

CVE-2022-23603 is a code injection vulnerability in iTunesRPC-Remastered, a Discord rich presence application for iTunes and Apple Music. Attackers can execute arbitrary code by exploiting improper input sanitization. All users running vulnerable versions are affected.

💻 Affected Systems

Products:

iTunesRPC-Remastered

Versions: All versions before commit 24f43aa

Operating Systems: Windows, macOS, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Requires Discord and iTunes/Apple Music to be installed and running.

📦 What is this software?

Itunesrpc Remastered by Itunesrpc Remastered Project

View all CVEs affecting Itunesrpc Remastered →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing remote code execution, data theft, and lateral movement within the network.

🟠

Likely Case

Local privilege escalation or arbitrary code execution within the application context, potentially leading to malware installation.

🟢

If Mitigated

Limited impact if application runs with minimal privileges and network access is restricted.

🌐 Internet-Facing: LOW (application typically runs locally, not as a service)

🏢 Internal Only: MEDIUM (requires user interaction or local access to exploit)

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires user interaction or local access to trigger the vulnerable input handling.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit 24f43aa and later

Vendor Advisory: https://github.com/bildsben/iTunesRPC-Remastered/security/advisories/GHSA-3xpp-rhqx-cw96

Restart Required: Yes

Instructions:

1. Update to latest version from GitHub repository 2. Restart the application 3. Verify commit hash includes 24f43aa or later

🧯 If You Can't Patch

Disable or uninstall iTunesRPC-Remastered
Run application with minimal user privileges

🔍 How to Verify

Check if Vulnerable:

Check if application version is before commit 24f43aa by examining the source code or build metadata.

Check Version:

Check application settings or about dialog for version/commit information

Verify Fix Applied:

Verify the commit hash includes 24f43aa or later in the application's version information.

📡 Detection & Monitoring

Log Indicators:

Unusual process execution from iTunesRPC-Remastered
Suspicious command-line arguments

Network Indicators:

Unexpected outbound connections from the application

SIEM Query:

Process creation events where parent process is iTunesRPC-Remastered with unusual command-line parameters

📊 Metadata

CVE ID: CVE-2022-23603

CVSS v3 Score: 9.9 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

CWE: CWE-116

Published: February 1, 2022

Last Updated: May 5, 2025

🔗 References

https://github.com/bildsben/iTunesRPC-Remastered/commit/24f43aac0f4116b3d89fdbe973ba92c6cfb0d998 Patch,Third Party Advisory
https://github.com/bildsben/iTunesRPC-Remastered/commit/54b02d9f3a94de94e4fb471908b8cf798e62e411 Patch,Third Party Advisory
https://github.com/bildsben/iTunesRPC-Remastered/security/advisories/GHSA-3xpp-rhqx-cw96 Patch,Third Party Advisory
https://github.com/bildsben/iTunesRPC-Remastered/commit/24f43aac0f4116b3d89fdbe973ba92c6cfb0d998 Patch,Third Party Advisory
https://github.com/bildsben/iTunesRPC-Remastered/commit/54b02d9f3a94de94e4fb471908b8cf798e62e411 Patch,Third Party Advisory
https://github.com/bildsben/iTunesRPC-Remastered/security/advisories/GHSA-3xpp-rhqx-cw96 Patch,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-23603, you might also want to check these: