CVE-2023-42799 — HIGH (8.8)

Q: How severe is CVE-2023-42799?

CVE-2023-42799 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-42799?

Check the references section above for vendor advisories and patch information. Affected products include: Moonlight-Stream Moonlight-Common-C, Moonlight-Stream Moonlight, Moonlight-Stream Moonlight Embedded, Moonlight-Stream Moonlight Xbox, Moonlight-Stream Moonlight Tv.

Vulnerability Description

Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 due to unmitigated usage of unsafe C functions and improper bounds checking. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client, or achieve remote code execution (RCE) on the client (with insufficient exploit mitigations or if mitigations can be bypassed). The bug was addressed in commit 02b7742f4d19631024bd766bd2bb76715780004e.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Moonlight-Stream	Moonlight-Common-C	>= 2022-11-04, < 2023-10-06
Moonlight-Stream	Moonlight	>= 8.4.0, <= 8.5.0
Moonlight-Stream	Moonlight Embedded	2.6.0
Moonlight-Stream	Moonlight Xbox	>= 1.12.0, <= 1.14.40
Moonlight-Stream	Moonlight Tv	>= 1.5.4, <= 1.5.27
Moonlight-Stream	Moonlight Switch	>= 0.13, <= 0.13.3
Moonlight-Stream	Moonlight Vita	>= 0.9.2, <= 0.9.3

Related Weaknesses (CWE)

CWE-120

References

FAQ

What is CVE-2023-42799?

CVE-2023-42799 is a vulnerability with a CVSS score of 8.8 (HIGH). Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2...

How severe is CVE-2023-42799?

CVE-2023-42799 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-42799?

Check the references section above for vendor advisories and patch information. Affected products include: Moonlight-Stream Moonlight-Common-C, Moonlight-Stream Moonlight, Moonlight-Stream Moonlight Embedded, Moonlight-Stream Moonlight Xbox, Moonlight-Stream Moonlight Tv.