CVE-2023-42799
Buffer overflow due to use of `strcpy` in `parseUrlAddrFromRtspUrlString`
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 due to unmitigated usage of unsafe C functions and improper bounds checking. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client, or achieve remote code execution (RCE) on the client (with insufficient exploit mitigations or if mitigations can be bypassed). The bug was addressed in commit 02b7742f4d19631024bd766bd2bb76715780004e.
Moonlight-common-c contiene el código principal del cliente GameStream compartido entre los clientes Moonlight. Moonlight-common-c es vulnerable al desbordamiento del búfer a partir de el commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 debido al uso absoluto de funciones C inseguras y a una verificación de los límites inadecuada. Un servidor de transmisión de juegos malicioso podría aprovechar una vulnerabilidad de desbordamiento del búfer para bloquear un cliente de luz nocturna o lograr la ejecución remota de código (RCE) en el cliente (con mitigaciones de explotación insuficientes o si se pueden evitar las mitigaciones). El error se solucionó en el commit 02b7742f4d19631024bd766bd2bb76715780004e.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2023-09-14 CVE Reserved
- 2023-12-14 CVE Published
- 2024-10-08 CVE Updated
- 2024-10-08 First Exploit
- 2024-11-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
References (3)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://github.com/moonlight-stream/moonlight-common-c/security/advisories/GHSA-r8cf-45f4-vf8m | 2024-10-08 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Moonlight-stream Search vendor "Moonlight-stream" | Moonlight-common-c Search vendor "Moonlight-stream" for product "Moonlight-common-c" | >= 2022-11-04 < 2023-10-06 Search vendor "Moonlight-stream" for product "Moonlight-common-c" and version " >= 2022-11-04 < 2023-10-06" | - |
Affected
| ||||||
Moonlight-stream Search vendor "Moonlight-stream" | Moonlight Search vendor "Moonlight-stream" for product "Moonlight" | >= 8.4.0 <= 8.5.0 Search vendor "Moonlight-stream" for product "Moonlight" and version " >= 8.4.0 <= 8.5.0" | iphone_os |
Affected
| ||||||
Moonlight-stream Search vendor "Moonlight-stream" | Moonlight Search vendor "Moonlight-stream" for product "Moonlight" | >= 8.4.0 <= 8.5.0 Search vendor "Moonlight-stream" for product "Moonlight" and version " >= 8.4.0 <= 8.5.0" | tvos |
Affected
| ||||||
Moonlight-stream Search vendor "Moonlight-stream" | Moonlight Search vendor "Moonlight-stream" for product "Moonlight" | >= 10.10 <= 11.0 Search vendor "Moonlight-stream" for product "Moonlight" and version " >= 10.10 <= 11.0" | android |
Affected
| ||||||
Moonlight-stream Search vendor "Moonlight-stream" | Moonlight Search vendor "Moonlight-stream" for product "Moonlight" | 0.10.22 Search vendor "Moonlight-stream" for product "Moonlight" and version "0.10.22" | chrome |
Affected
| ||||||
Moonlight-stream Search vendor "Moonlight-stream" | Moonlight Embedded Search vendor "Moonlight-stream" for product "Moonlight Embedded" | 2.6.0 Search vendor "Moonlight-stream" for product "Moonlight Embedded" and version "2.6.0" | - |
Affected
| ||||||
Moonlight-stream Search vendor "Moonlight-stream" | Moonlight Xbox Search vendor "Moonlight-stream" for product "Moonlight Xbox" | >= 1.12.0 <= 1.14.40 Search vendor "Moonlight-stream" for product "Moonlight Xbox" and version " >= 1.12.0 <= 1.14.40" | - |
Affected
| ||||||
Moonlight-stream Search vendor "Moonlight-stream" | Moonlight Tv Search vendor "Moonlight-stream" for product "Moonlight Tv" | >= 1.5.4 <= 1.5.27 Search vendor "Moonlight-stream" for product "Moonlight Tv" and version " >= 1.5.4 <= 1.5.27" | - |
Affected
| ||||||
Moonlight-stream Search vendor "Moonlight-stream" | Moonlight Switch Search vendor "Moonlight-stream" for product "Moonlight Switch" | >= 0.13 <= 0.13.3 Search vendor "Moonlight-stream" for product "Moonlight Switch" and version " >= 0.13 <= 0.13.3" | - |
Affected
| ||||||
Moonlight-stream Search vendor "Moonlight-stream" | Moonlight Vita Search vendor "Moonlight-stream" for product "Moonlight Vita" | >= 0.9.2 <= 0.9.3 Search vendor "Moonlight-stream" for product "Moonlight Vita" and version " >= 0.9.2 <= 0.9.3" | - |
Affected
|