CVE-2025-34449
CRITICAL WAF: Medium
CVSS 9.1
Published: 2025-12-18
CWE-502 CWE-502
Genymobile/scrcpy versions up to and including 3.3.3, prior to commit 3e40b24, contain a buffer overflow vulnerability in the sc_device_msg_deserialize() function. A compromised device can send crafted messages that cause out-of-bounds reads, which may result in memory corruption or a denial-of-service condition. This vulnerability may allow further exploitation on the host system.
WAF Coverage Analysis
Insecure Deserialization
Medium WAF Coverage
OWASP: A08:2021 Software and Data Integrity Failures
944xxx - Java Attack
Insecure Deserialization
Medium WAF Coverage
OWASP: A08:2021 Software and Data Integrity Failures
944xxx - Java Attack
Affected Software
| Vendor | Product | Version |
|---|---|---|
| genymotion | scrcpy | up to 3.3.4 |
References
- github.com (Patch)
- github.com (Exploit, Issue Tracking, Patch)
- github.com (Exploit, Third Party Advisory)
- www.vulncheck.com (Third Party Advisory)