CVE-2023-42799

Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 due to unmitigated usage of unsafe C functions and improper bounds checking. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client, or achieve remote code execution (RCE) on the client (with insufficient exploit mitigations or if mitigations can be bypassed). The bug was addressed in commit 02b7742f4d19631024bd766bd2bb76715780004e.

Published: Dec 14, 2023
Updated: Dec 21, 2023
CVE: CVE-2023-42799
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-120

Affected Software
References

Software	From	Fixed in
moonlight-stream / moonlight-common-c	2022-11-04	2023-10-06
moonlight-stream / moonlight	8.4.0	8.5.0.x
moonlight-stream / moonlight	10.10	11.0.x
moonlight-stream / moonlight	0.10.22	0.10.22.x
moonlight-stream / moonlight_embedded	2.6.0	2.6.0.x
moonlight-stream / moonlight_xbox	1.12.0	1.14.40.x
moonlight-stream / moonlight_tv	1.5.4	1.5.27.x
moonlight-stream / moonlight_switch	0.13	0.13.3.x
moonlight-stream / moonlight_vita	0.9.2	0.9.3.x

Vulnerability Database

289,697

CVE-2023-42799