CVE-2023-42800

Buffer overflow due to use of `strcpy` in `performRtspHandshake`

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 due to unmitigated usage of unsafe C functions and improper bounds checking. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client, or achieve remote code execution (RCE) on the client (with insufficient exploit mitigations or if mitigations can be bypassed). The bug was addressed in commit 24750d4b748fefa03d09fcfd6d45056faca354e0.

Moonlight-common-c contiene el código principal del cliente GameStream compartido entre los clientes Moonlight. Moonlight-common-c es vulnerable al desbordamiento del búfer a partir de el commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 debido al uso absoluto de funciones C inseguras y a una verificación de límites inadecuada. Un servidor de transmisión de juegos malicioso podría aprovechar una vulnerabilidad de desbordamiento del búfer para bloquear un cliente de luz nocturna o lograr la ejecución remota de código (RCE) en el cliente (con mitigaciones de explotación insuficientes o si se pueden evitar las mitigaciones). El error se solucionó en el commit 24750d4b748fefa03d09fcfd6d45056faca354e0.

*Credits: N/A

CVSS Scores

NISTv3.1 8.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-09-14 CVE Reserved
2023-12-14 CVE Published
2024-08-02 CVE Updated
2024-08-02 First Exploit
2024-11-13 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CAPEC

References (4)

URL	Tag	Source
https://github.com/moonlight-stream/moonlight-common-c/blob/2bb026c763fc18807d7e4a93f918054c488f84e1/src/RtspConnection.c#L796	Product

URL	Date	SRC
https://github.com/moonlight-stream/moonlight-common-c/security/advisories/GHSA-4927-23jw-rq62	2024-08-02

URL	Date	SRC
https://github.com/moonlight-stream/moonlight-common-c/commit/24750d4b748fefa03d09fcfd6d45056faca354e0	2023-12-21
https://github.com/moonlight-stream/moonlight-common-c/commit/50c0a51b10ecc5b3415ea78c21d96d679e2288f9	2023-12-21

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Moonlight-stream Search vendor "Moonlight-stream"		Moonlight-common-c Search vendor "Moonlight-stream" for product "Moonlight-common-c"				>= 2022-11-04 < 2023-10-06 Search vendor "Moonlight-stream" for product "Moonlight-common-c" and version " >= 2022-11-04 < 2023-10-06"		-		Affected
Moonlight-stream Search vendor "Moonlight-stream"		Moonlight Search vendor "Moonlight-stream" for product "Moonlight"				>= 8.4.0 <= 8.5.0 Search vendor "Moonlight-stream" for product "Moonlight" and version " >= 8.4.0 <= 8.5.0"		iphone_os		Affected
Moonlight-stream Search vendor "Moonlight-stream"		Moonlight Search vendor "Moonlight-stream" for product "Moonlight"				>= 8.4.0 <= 8.5.0 Search vendor "Moonlight-stream" for product "Moonlight" and version " >= 8.4.0 <= 8.5.0"		tvos		Affected
Moonlight-stream Search vendor "Moonlight-stream"		Moonlight Search vendor "Moonlight-stream" for product "Moonlight"				>= 10.10 <= 11.0 Search vendor "Moonlight-stream" for product "Moonlight" and version " >= 10.10 <= 11.0"		android		Affected
Moonlight-stream Search vendor "Moonlight-stream"		Moonlight Search vendor "Moonlight-stream" for product "Moonlight"				0.10.22 Search vendor "Moonlight-stream" for product "Moonlight" and version "0.10.22"		chrome		Affected
Moonlight-stream Search vendor "Moonlight-stream"		Moonlight Embedded Search vendor "Moonlight-stream" for product "Moonlight Embedded"				2.6.0 Search vendor "Moonlight-stream" for product "Moonlight Embedded" and version "2.6.0"		-		Affected
Moonlight-stream Search vendor "Moonlight-stream"		Moonlight Xbox Search vendor "Moonlight-stream" for product "Moonlight Xbox"				>= 1.12.0 <= 1.14.40 Search vendor "Moonlight-stream" for product "Moonlight Xbox" and version " >= 1.12.0 <= 1.14.40"		-		Affected
Moonlight-stream Search vendor "Moonlight-stream"		Moonlight Tv Search vendor "Moonlight-stream" for product "Moonlight Tv"				>= 1.5.4 <= 1.5.27 Search vendor "Moonlight-stream" for product "Moonlight Tv" and version " >= 1.5.4 <= 1.5.27"		-		Affected
Moonlight-stream Search vendor "Moonlight-stream"		Moonlight Switch Search vendor "Moonlight-stream" for product "Moonlight Switch"				>= 0.13 <= 0.13.3 Search vendor "Moonlight-stream" for product "Moonlight Switch" and version " >= 0.13 <= 0.13.3"		-		Affected
Moonlight-stream Search vendor "Moonlight-stream"		Moonlight Vita Search vendor "Moonlight-stream" for product "Moonlight Vita"				>= 0.9.2 <= 0.9.3 Search vendor "Moonlight-stream" for product "Moonlight Vita" and version " >= 0.9.2 <= 0.9.3"		-		Affected