CVE-2023-42799

Published: Dec 14, 2023Modified: Jun 17, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 due to unmitigated usage of unsafe C functions and improper bounds checking. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client, or achieve remote code execution (RCE) on the client (with insufficient exploit mitigations or if mitigations can be bypassed). The bug was addressed in commit 02b7742f4d19631024bd766bd2bb76715780004e.

Affected (10)

Products: Moonlight Stream: Moonlight Common C, Moonlight, Moonlight Embedded, Moonlight Xbox, Moonlight Tv, Moonlight Switch, Moonlight Vita

Moonlight Stream

7 products

Moonlight Common C

Moonlight Embedded

Moonlight Switch

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Moonlight Stream Moonlight Common C	From 2022-11-04 to 2023-10-06

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Moonlight Stream Moonlight	From 8.4.0 to 8.5.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Moonlight Stream Moonlight	From 8.4.0 to 8.5.0

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Moonlight Stream Moonlight	From 10.10 to 11.0

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Moonlight Stream Moonlight	Version 0.10.22

Configuration F

1 vulnerable

Vulnerable Software	Affected Versions
Moonlight Stream Moonlight Embedded	Version 2.6.0

Configuration G

1 vulnerable

Vulnerable Software	Affected Versions
Moonlight Stream Moonlight Xbox	From 1.12.0 to 1.14.40

Configuration H

1 vulnerable

Vulnerable Software	Affected Versions
Moonlight Stream Moonlight Tv	From 1.5.4 to 1.5.27

Configuration I

1 vulnerable

Vulnerable Software	Affected Versions
Moonlight Stream Moonlight Switch	From 0.13 to 0.13.3

Configuration J

1 vulnerable

Vulnerable Software	Affected Versions
Moonlight Stream Moonlight Vita	From 0.9.2 to 0.9.3

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (6)

https://github.com/moonlight-stream/moonlight-common-c/commit/02b7742f4d19631024bd766bd2bb76715780004e

Source: security-advisories@github.com

Patch

https://github.com/moonlight-stream/moonlight-common-c/commit/50c0a51b10ecc5b3415ea78c21d96d679e2288f9

Source: security-advisories@github.com

Patch

https://github.com/moonlight-stream/moonlight-common-c/security/advisories/GHSA-r8cf-45f4-vf8m

Source: security-advisories@github.com

ExploitThird Party Advisory

https://github.com/moonlight-stream/moonlight-common-c/commit/02b7742f4d19631024bd766bd2bb76715780004e

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/moonlight-stream/moonlight-common-c/commit/50c0a51b10ecc5b3415ea78c21d96d679e2288f9

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/moonlight-stream/moonlight-common-c/security/advisories/GHSA-r8cf-45f4-vf8m

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.