cvelistv5 - cve-2025-49589

CVE-2025-49589 (GCVE-0-2025-49589)

Vulnerability from cvelistv5 – Published: 2025-06-12 20:56 – Updated: 2025-06-13 14:07

Title

PCSX2 Contains a Stack-based Buffer Overflow in IOP Console Logging

Summary

PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. A stack-based buffer overflow exists in the Kprintf_HLE function of PCSX2 versions up to 2.3.414. Opening a disc image that logs a specially crafted message may allow a remote attacker to execute arbitrary code if the user enabled IOP Console Logging. This vulnerability is fixed in 2.3.414.

Severity ?

6.1 (Medium)


                        
                          CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H

CWE

CWE-121 - Stack-based Buffer Overflow

Assigner

GitHub_M

References

URL

Tags

	https://github.com/PCSX2/pcsx2/security/advisorie…	x_refsource_CONFIRM
	https://github.com/PCSX2/pcsx2/pull/12823	x_refsource_MISC
	https://github.com/PCSX2/pcsx2/pull/12826	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	PCSX2	pcsx2	Affected: < 2.3.414

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-49589",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-13T14:06:48.902688Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-13T14:07:14.750Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "pcsx2",
          "vendor": "PCSX2",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.3.414"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. A stack-based buffer overflow exists in the Kprintf_HLE function of PCSX2 versions up to 2.3.414. Opening a disc image that logs a specially crafted message may allow a remote attacker to execute arbitrary code if the user enabled IOP Console Logging. This vulnerability is fixed in 2.3.414."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-12T20:56:38.711Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/PCSX2/pcsx2/security/advisories/GHSA-f494-4xf7-xj35",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/PCSX2/pcsx2/security/advisories/GHSA-f494-4xf7-xj35"
        },
        {
          "name": "https://github.com/PCSX2/pcsx2/pull/12823",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/PCSX2/pcsx2/pull/12823"
        },
        {
          "name": "https://github.com/PCSX2/pcsx2/pull/12826",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/PCSX2/pcsx2/pull/12826"
        }
      ],
      "source": {
        "advisory": "GHSA-f494-4xf7-xj35",
        "discovery": "UNKNOWN"
      },
      "title": "PCSX2 Contains a Stack-based Buffer Overflow in IOP Console Logging"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-49589",
    "datePublished": "2025-06-12T20:56:38.711Z",
    "dateReserved": "2025-06-06T15:44:21.556Z",
    "dateUpdated": "2025-06-13T14:07:14.750Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-49589\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-06-12T21:15:21.480\",\"lastModified\":\"2025-06-16T12:32:18.840\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. A stack-based buffer overflow exists in the Kprintf_HLE function of PCSX2 versions up to 2.3.414. Opening a disc image that logs a specially crafted message may allow a remote attacker to execute arbitrary code if the user enabled IOP Console Logging. This vulnerability is fixed in 2.3.414.\"},{\"lang\":\"es\",\"value\":\"PCSX2 es un emulador gratuito y de c\u00f3digo abierto de PlayStation 2 (PS2). Existe un desbordamiento de b\u00fafer basado en pila en la funci\u00f3n Kprintf_HLE de las versiones de PCSX2 hasta la 2.3.414. Abrir una imagen de disco que registra un mensaje especialmente manipulado podr\u00eda permitir que un atacante remoto ejecute c\u00f3digo arbitrario si el usuario habilit\u00f3 el registro de consola IOP. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 2.3.414.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-121\"}]}],\"references\":[{\"url\":\"https://github.com/PCSX2/pcsx2/pull/12823\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/PCSX2/pcsx2/pull/12826\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/PCSX2/pcsx2/security/advisories/GHSA-f494-4xf7-xj35\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-49589\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-13T14:06:48.902688Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-13T14:06:54.713Z\"}}], \"cna\": {\"title\": \"PCSX2 Contains a Stack-based Buffer Overflow in IOP Console Logging\", \"source\": {\"advisory\": \"GHSA-f494-4xf7-xj35\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 6.1, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"PCSX2\", \"product\": \"pcsx2\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 2.3.414\"}]}], \"references\": [{\"url\": \"https://github.com/PCSX2/pcsx2/security/advisories/GHSA-f494-4xf7-xj35\", \"name\": \"https://github.com/PCSX2/pcsx2/security/advisories/GHSA-f494-4xf7-xj35\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/PCSX2/pcsx2/pull/12823\", \"name\": \"https://github.com/PCSX2/pcsx2/pull/12823\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/PCSX2/pcsx2/pull/12826\", \"name\": \"https://github.com/PCSX2/pcsx2/pull/12826\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. A stack-based buffer overflow exists in the Kprintf_HLE function of PCSX2 versions up to 2.3.414. Opening a disc image that logs a specially crafted message may allow a remote attacker to execute arbitrary code if the user enabled IOP Console Logging. This vulnerability is fixed in 2.3.414.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-121\", \"description\": \"CWE-121: Stack-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-06-12T20:56:38.711Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-49589\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-13T14:07:14.750Z\", \"dateReserved\": \"2025-06-06T15:44:21.556Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-06-12T20:56:38.711Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2025-49589

Vulnerability from fkie_nvd - Published: 2025-06-12 21:15 - Updated: 2025-06-16 12:32

Severity ?

6.1 (Medium) - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H