CVE-2023-42800: Buffer overflow due to use of `strcpy` in `performRtspHandshake`
First published: Thu Dec 14 2023(Updated: )
Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 due to unmitigated usage of unsafe C functions and improper bounds checking. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client, or achieve remote code execution (RCE) on the client (with insufficient exploit mitigations or if mitigations can be bypassed). The bug was addressed in commit 24750d4b748fefa03d09fcfd6d45056faca354e0.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moonlight Stream | >=2022-11-04<2023-10-06 | |
| Moonlight | >=8.4.0<=8.5.0 | |
| Moonlight | >=8.4.0<=8.5.0 | |
| Moonlight | >=10.10<=11.0 | |
| Moonlight | =0.10.22 | |
| Moonlight | =2.6.0 | |
| Moonlight | >=1.12.0<=1.14.40 | |
| Moonlight Stream | >=1.5.4<=1.5.27 | |
| Moonlight | >=0.13<=0.13.3 | |
| Moonlight | >=0.9.2<=0.9.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/moonlight-stream/moonlight-common-c/security/advisories/GHSA-4927-23jw-rq62
- https://github.com/moonlight-stream/moonlight-common-c/commit/24750d4b748fefa03d09fcfd6d45056faca354e0
- https://github.com/moonlight-stream/moonlight-common-c/commit/50c0a51b10ecc5b3415ea78c21d96d679e2288f9
- https://github.com/moonlight-stream/moonlight-common-c/blob/2bb026c763fc18807d7e4a93f918054c488f84e1/src/RtspConnection.c#L796
Frequently Asked Questions
What is the severity of CVE-2023-42800?
CVE-2023-42800 is classified as a critical vulnerability due to the potential for a buffer overflow.
How do I fix CVE-2023-42800?
To fix CVE-2023-42800, update to the latest version of Moonlight-common-c that addresses this buffer overflow issue.
What software is affected by CVE-2023-42800?
CVE-2023-42800 affects various versions of Moonlight and Moonlight-common-c across multiple platforms including mobile and embedded systems.
What are the consequences of exploiting CVE-2023-42800?
Exploiting CVE-2023-42800 could allow attackers to execute arbitrary code remotely, compromising the affected system.
When was CVE-2023-42800 introduced?
CVE-2023-42800 was introduced in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9.
- agent/references
- agent/type
- agent/event
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/weakness
- agent/title
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- vendor/moonlight-stream
- canonical/moonlight stream
- version/moonlight stream/2022-11-04
- canonical/moonlight
- version/moonlight/8.4.0
- version/moonlight/8.5.0
- version/moonlight/10.10
- version/moonlight/11.0
- version/moonlight/0.10.22
- version/moonlight/2.6.0
- version/moonlight/1.12.0
- version/moonlight/1.14.40
- version/moonlight stream/1.5.4
- version/moonlight stream/1.5.27
- version/moonlight/0.13
- version/moonlight/0.13.3
- version/moonlight/0.9.2
- version/moonlight/0.9.3