CVE-2023-42800— Buffer overflow due to use of `strcpy` in `performRtspHandshake`
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-42800
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Buffer overflow due to use of `strcpy` in `performRtspHandshake`
Source: NVD (National Vulnerability Database)
Vulnerability Description
Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 due to unmitigated usage of unsafe C functions and improper bounds checking. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client, or achieve remote code execution (RCE) on the client (with insufficient exploit mitigations or if mitigations can be bypassed). The bug was addressed in commit 24750d4b748fefa03d09fcfd6d45056faca354e0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Moonlight 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Moonlight是一款基于iOS和tvOS平台的NVIDIA GameStream协议的开源实现,它主要用于将游戏视频流流式传输到受支持的设备。 Moonlight-common-c存在安全漏洞,该漏洞源于不正确的边界检查,容易受到缓冲区溢出的影响,攻击者可以实现远程代码执行(RCE)。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| moonlight-stream | moonlight-common-c | >= 50c0a51b10ecc5b3415ea78c21d96d679e2288f9, < 24750d4b748fefa03d09fcfd6d45056faca354e0 | - |
II. Public POCs for CVE-2023-42800
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-42800
请登录查看更多情报信息。
Same Patch Batch · moonlight-stream · 2023-12-14 · 3 CVEs total
| CVE-2023-42799 | 8.8 HIGH | Buffer overflow due to use of `strcpy` in `parseUrlAddrFromRtspUrlString` |
| CVE-2023-42801 | 7.6 HIGH | Stack buffer overflow due to `strcpy` into fixed size buffer in `extractVersionQuadFromStr |
IV. Related Vulnerabilities
Same weakness: CWE-120
- CVE-2026-8260
D-Link DCS-935L HNAP Service hnap_service SetDeviceSettings - CVE-2026-8137
Totolink X5000R formDdns sub_458E40 buffer overflow - CVE-2026-6691
MongoDB C Driver Cyrus SASL Canonicalization Buffer Overflow - CVE-2026-7857
D-Link DI-8100 CGI user_group.asp sprintf buffer overflow - CVE-2026-7856
D-Link DI-8100 Web Management url_member.asp buffer overflow
V. Comments for CVE-2023-42800
No comments yet