CVE-2023-42799: Buffer overflow due to use of `strcpy` in `parseUrlAddrFromRtspUrlString`
First published: Thu Dec 14 2023(Updated: )
Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 due to unmitigated usage of unsafe C functions and improper bounds checking. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client, or achieve remote code execution (RCE) on the client (with insufficient exploit mitigations or if mitigations can be bypassed). The bug was addressed in commit 02b7742f4d19631024bd766bd2bb76715780004e.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moonlight Stream | >=2022-11-04<2023-10-06 | |
| Moonlight | >=8.4.0<=8.5.0 | |
| Moonlight | >=8.4.0<=8.5.0 | |
| Moonlight | >=10.10<=11.0 | |
| Moonlight | =0.10.22 | |
| Moonlight | =2.6.0 | |
| Moonlight | >=1.12.0<=1.14.40 | |
| Moonlight Stream | >=1.5.4<=1.5.27 | |
| Moonlight | >=0.13<=0.13.3 | |
| Moonlight | >=0.9.2<=0.9.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-42799?
CVE-2023-42799 is considered a high severity vulnerability due to its potential to cause a buffer overflow.
How do I fix CVE-2023-42799?
To fix CVE-2023-42799, users must update to the patched version of moonlight-common-c or the affected Moonlight applications.
What type of vulnerability is CVE-2023-42799?
CVE-2023-42799 is a buffer overflow vulnerability stemming from unsafe C function usage and improper bounds checking.
Which software is affected by CVE-2023-42799?
CVE-2023-42799 affects various Moonlight applications, including moonlight-common-c and specific versions of the Moonlight client for iOS, Android, and others.
When was CVE-2023-42799 introduced?
CVE-2023-42799 was introduced starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9.
- agent/type
- agent/event
- agent/remedy
- agent/first-publish-date
- agent/softwarecombine
- agent/references
- agent/weakness
- agent/title
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- vendor/moonlight-stream
- canonical/moonlight stream
- version/moonlight stream/2022-11-04
- canonical/moonlight
- version/moonlight/8.4.0
- version/moonlight/8.5.0
- version/moonlight/10.10
- version/moonlight/11.0
- version/moonlight/0.10.22
- version/moonlight/2.6.0
- version/moonlight/1.12.0
- version/moonlight/1.14.40
- version/moonlight stream/1.5.4
- version/moonlight stream/1.5.27
- version/moonlight/0.13
- version/moonlight/0.13.3
- version/moonlight/0.9.2
- version/moonlight/0.9.3