Browse all 4 CVE security advisories affecting moonlight-stream. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Moonlight-stream is a media streaming platform primarily used for content distribution and playback. Historically, it has been vulnerable to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and authentication flaws. The platform has faced multiple security incidents, including four publicly disclosed CVEs, with some allowing attackers to execute arbitrary code or bypass security controls. Its architecture typically involves client-server communication with web interfaces, creating multiple attack surfaces. Security researchers have identified consistent patterns in vulnerability classes, suggesting potential gaps in secure coding practices and input sanitization across different versions of the software.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-42801 | Stack buffer overflow due to `strcpy` into fixed size buffer in `extractVersionQuadFromString` — moonlight-common-cCWE-120 | 7.6 | High | 2023-12-14 |
| CVE-2023-42800 | Buffer overflow due to use of `strcpy` in `performRtspHandshake` — moonlight-common-cCWE-120 | 8.8 | High | 2023-12-14 |
| CVE-2023-42799 | Buffer overflow due to use of `strcpy` in `parseUrlAddrFromRtspUrlString` — moonlight-common-cCWE-120 | 8.8 | High | 2023-12-14 |
| CVE-2020-11024 | Man-in-the-middle attack in Moonlight iOS/tvOS — MoonlightCWE-300 | 6.1 | Medium | 2020-04-29 |
This page lists every published CVE security advisory associated with moonlight-stream. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.