8.8

CVE-2023-42800

Exploit
Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 due to unmitigated usage of unsafe C functions and improper bounds checking. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client, or achieve remote code execution (RCE) on the client (with insufficient exploit mitigations or if mitigations can be bypassed). The bug was addressed in commit 24750d4b748fefa03d09fcfd6d45056faca354e0.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Moonlight-streamMoonlight-common-c Version >= 2022-11-04 < 2023-10-06
Moonlight-streamMoonlight SwPlatformiphone_os Version >= 8.4.0 <= 8.5.0
Moonlight-streamMoonlight SwPlatformtvos Version >= 8.4.0 <= 8.5.0
Moonlight-streamMoonlight SwPlatformandroid Version >= 10.10 <= 11.0
Moonlight-streamMoonlight Version0.10.22 SwPlatformchrome
Moonlight-streamMoonlight Xbox Version >= 1.12.0 <= 1.14.40
Moonlight-streamMoonlight Tv Version >= 1.5.4 <= 1.5.27
Moonlight-streamMoonlight Switch Version >= 0.13 <= 0.13.3
Moonlight-streamMoonlight Vita Version >= 0.9.2 <= 0.9.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.65% 0.7
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
security-advisories@github.com 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.