CVE-2023-42800

CVSS V2 None CVSS V3 None

Description

Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 due to unmitigated usage of unsafe C functions and improper bounds checking. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client, or achieve remote code execution (RCE) on the client (with insufficient exploit mitigations or if mitigations can be bypassed). The bug was addressed in commit 24750d4b748fefa03d09fcfd6d45056faca354e0.

Overview

CVE ID
CVE-2023-42800

Assigner
GitHub_M

Vulnerability Status
PUBLISHED

Published Version
2023-12-14T16:57:44.846Z

Last Modified Date
2023-12-14T16:57:44.846Z

Weakness Enumerations

CWE	URL
CWE-120	http://cwe.mitre.org/data/definitions/120.html

References

Reference URL	Reference Tags
https://github.com/moonlight-stream/moonlight-common-c/security/advisories/GHSA-4927-23jw-rq62	x_refsource_CONFIRM
https://github.com/moonlight-stream/moonlight-common-c/commit/24750d4b748fefa03d09fcfd6d45056faca354e0	x_refsource_MISC
https://github.com/moonlight-stream/moonlight-common-c/commit/50c0a51b10ecc5b3415ea78c21d96d679e2288f9	x_refsource_MISC
https://github.com/moonlight-stream/moonlight-common-c/blob/2bb026c763fc18807d7e4a93f918054c488f84e1/src/RtspConnection.c#L796	x_refsource_MISC

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-42800
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42800

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 14:14:16				Added to TrackCVE