CVE-2023-42800: Buffer overflow due to use of `strcpy` in `performRtspHandshake`

First published: Thu Dec 14 2023(Updated: )

Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 due to unmitigated usage of unsafe C functions and improper bounds checking. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client, or achieve remote code execution (RCE) on the client (with insufficient exploit mitigations or if mitigations can be bypassed). The bug was addressed in commit 24750d4b748fefa03d09fcfd6d45056faca354e0.

Credit: security-advisories@github.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/references
• agent/type
• agent/event
• agent/remedy
• agent/softwarecombine
• agent/first-publish-date
• agent/weakness
• agent/title
• agent/author
• agent/severity
• agent/description
• collector/mitre-cve
• source/MITRE
• agent/last-modified-date
• agent/source
• agent/tags
• collector/nvd-api
• agent/software-canonical-lookup-request
• vendor/moonlight-stream
• canonical/moonlight stream
• version/moonlight stream/2022-11-04
• canonical/moonlight
• version/moonlight/8.4.0
• version/moonlight/8.5.0
• version/moonlight/10.10
• version/moonlight/11.0
• version/moonlight/0.10.22
• version/moonlight/2.6.0
• version/moonlight/1.12.0
• version/moonlight/1.14.40
• version/moonlight stream/1.5.4
• version/moonlight stream/1.5.27
• version/moonlight/0.13
• version/moonlight/0.13.3
• version/moonlight/0.9.2
• version/moonlight/0.9.3