CVE-2022-24126

9.8 CRITICAL

📋 TL;DR

A buffer overflow vulnerability in Dark Souls III's NRSessionSearchResult parser allows remote attackers to execute arbitrary code via matchmaking servers. This affects all Dark Souls III players using online features through March 19, 2022. Attackers can potentially take full control of affected systems.

💻 Affected Systems

Products:
  • Bandai Namco FromSoftware Dark Souls III
Versions: All versions through March 19, 2022
Operating Systems: Windows, PlayStation 4, Xbox One
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using online multiplayer features. Single-player mode may be unaffected.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with attacker gaining full control over the victim's computer, enabling data theft, ransomware deployment, or botnet recruitment.

🟠 Likely Case: Game crashes, account compromise, or malware installation on vulnerable systems connecting to malicious matchmaking servers.

🟢 If Mitigated: Limited to denial of service (game crashes) if network segmentation prevents code execution.

🌐 Internet-Facing: HIGH - Exploitable via matchmaking servers which are internet-facing by design.
🏢 Internal Only: LOW - Primarily affects internet-connected gaming clients, not internal enterprise systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code available on GitHub. Attack requires victim to connect to malicious matchmaking server.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after March 19, 2022

Vendor Advisory: https://fromsoftware.jp

Restart Required: Yes

Instructions:

1. Launch Dark Souls III.
2. Allow automatic updates.
3. Verify game version is post-March 19, 2022.
4. Restart game if prompted.

🔧 Temporary Workarounds

Disable Online Features

Platform: all

Play in offline mode to prevent connection to matchmaking servers

Launch game -> Settings -> Network -> Set to Offline

Block Matchmaking Traffic

Platform: Windows

Use firewall to block Dark Souls III network connections

netsh advfirewall firewall add rule name="Block DS3" dir=out action=block program="C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe" enable=yes

🧯 If You Can't Patch

  • Disable online multiplayer features completely
  • Use network segmentation to isolate gaming systems from critical infrastructure

🔍 How to Verify

Check if Vulnerable:

Check game version date - if before March 19, 2022 and online features are enabled, system is vulnerable.

Check Version:

Check game properties in Steam/console or view game files modification dates

Verify Fix Applied:

Verify game has updated automatically or manually check version is post-March 19, 2022.
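The version check and the firewall workaround above can be confirmed together on a Windows host. The following PowerShell is an added example, not part of the advisory; it assumes the default Steam install path and the rule name "Block DS3" from the netsh command, and the function name Test-Ds3Exposure is hypothetical.

```powershell
# Added example: not part of the advisory. Path and rule name are the ones
# used in the netsh command above; adjust them for a non-default install.
$ExePath  = 'C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe'
$RuleName = 'Block DS3'
$Cutoff   = [datetime]'2022-03-19'   # advisory: versions through this date are affected

function Test-Ds3Exposure {
    param([string]$Path, [string]$Rule, [datetime]$AffectedThrough)

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Modified = $null; Blocked = $false
                                  Status = 'Executable not found at this path' }
    }

    # The modification date is only a rough proxy for the installed build.
    $modified = (Get-Item -LiteralPath $Path).LastWriteTime
    $oldBuild = $modified.Date -le $AffectedThrough.Date

    # netsh "name=" appears as DisplayName here. Count only rules that are
    # enabled, outbound, blocking, and bound to this exact program path.
    $rules = @(Get-NetFirewallRule -DisplayName $Rule -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Outbound' -and $_.Action -eq 'Block' } |
        Where-Object { ($_ | Get-NetFirewallApplicationFilter).Program -ieq $Path })
    $blocked = $rules.Count -gt 0

    $status = if (-not $oldBuild) {
        'Modified after the cutoff; confirm the update in Steam'
    } elseif ($blocked) {
        'Old build, outbound traffic blocked by firewall rule'
    } else {
        'Old build and no block rule: keep the game offline'
    }

    [pscustomobject]@{ Path = $Path; Modified = $modified; Blocked = $blocked; Status = $status }
}

Test-Ds3Exposure -Path $ExePath -Rule $RuleName -AffectedThrough $Cutoff | Format-List
```

A rule that exists but is disabled, inbound-only, or bound to a different path is reported as not blocking, which is the failure mode a name-only check would miss.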

📡 Detection & Monitoring

Log Indicators:

  • Game crash logs with memory access violations
  • Unexpected network connections to non-standard matchmaking servers

Network Indicators:

  • Unusual outbound connections from game client
  • Traffic to suspicious IPs on matchmaking ports

SIEM Query:

source="game_logs" AND (event="crash" OR event="memory_violation") AND process="DarkSoulsIII.exe"
