Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 due to unmitigated usage of unsafe C functions and improper bounds checking. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client, or achieve remote code execution (RCE) on the client (with insufficient exploit mitigations or if mitigations can be bypassed). The bug was addressed in commit 02b7742f4d19631024bd766bd2bb76715780004e.
{
"cwe_ids": [
"CWE-120"
],
"cna_assigner": "GitHub_M",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/42xxx/CVE-2023-42799.json"
}[
{
"id": "CVE-2023-42799-53795dc4",
"target": {
"file": "src/Connection.c"
},
"signature_version": "v1",
"source": "https://github.com/moonlight-stream/moonlight-common-c/commit/50c0a51b10ecc5b3415ea78c21d96d679e2288f9",
"signature_type": "Line",
"digest": {
"line_hashes": [
"239063600269162047879560378402808421387",
"304286444082599011488360342623550406703",
"145133113321982208168002140704311958777",
"155242177420339314242737221015563163408"
],
"threshold": 0.9
},
"deprecated": false
},
{
"id": "CVE-2023-42799-5645fa6f",
"target": {
"function": "LiStartConnection",
"file": "src/Connection.c"
},
"signature_version": "v1",
"source": "https://github.com/moonlight-stream/moonlight-common-c/commit/50c0a51b10ecc5b3415ea78c21d96d679e2288f9",
"signature_type": "Function",
"digest": {
"function_hash": "216749568033953369102299049624660539519",
"length": 8701.0
},
"deprecated": false
},
{
"id": "CVE-2023-42799-603c0323",
"target": {
"file": "src/RtspConnection.c"
},
"signature_version": "v1",
"source": "https://github.com/moonlight-stream/moonlight-common-c/commit/02b7742f4d19631024bd766bd2bb76715780004e",
"signature_type": "Line",
"digest": {
"line_hashes": [
"145361895789606986803063108422463421466",
"262844706574178262470942437273317287810",
"335315002908883980926183930954541650765",
"111858403108666096687427999186670456577",
"64621012252733102827246247527299668842",
"7214922318177427030530602083214805699",
"160129813819765365589890795562805036716",
"215880915544235868590669370903861300404",
"91474062565402684808998372414990826714",
"138543671902459321204983567452339136617",
"261159981781517212457491899918478565432",
"31931399327393373915322617883466535404",
"273346810059171023971702172933797881379",
"306228892479065641695353242115928375396",
"171420901697017516682107275382990703968",
"261681353823014586316143578227949671267",
"276645249114011696947690199012800191313",
"279282245950179612367750279770693991391",
"36780015028460880001815195965426846229",
"186116110406463169190376949757368717304",
"339255101326689787282011825490948490334"
],
"threshold": 0.9
},
"deprecated": false
},
{
"id": "CVE-2023-42799-6a549146",
"target": {
"function": "parseUrlAddrFromRtspUrlString",
"file": "src/RtspConnection.c"
},
"signature_version": "v1",
"source": "https://github.com/moonlight-stream/moonlight-common-c/commit/02b7742f4d19631024bd766bd2bb76715780004e",
"signature_type": "Function",
"digest": {
"function_hash": "92148377635259456592917942543466520737",
"length": 634.0
},
"deprecated": false
},
{
"id": "CVE-2023-42799-6c5a7787",
"target": {
"function": "performRtspHandshake",
"file": "src/RtspConnection.c"
},
"signature_version": "v1",
"source": "https://github.com/moonlight-stream/moonlight-common-c/commit/02b7742f4d19631024bd766bd2bb76715780004e",
"signature_type": "Function",
"digest": {
"function_hash": "162668956479928146255684939537212398577",
"length": 9584.0
},
"deprecated": false
},
{
"id": "CVE-2023-42799-71458f6b",
"target": {
"function": "performRtspHandshake",
"file": "src/RtspConnection.c"
},
"signature_version": "v1",
"source": "https://github.com/moonlight-stream/moonlight-common-c/commit/50c0a51b10ecc5b3415ea78c21d96d679e2288f9",
"signature_type": "Function",
"digest": {
"function_hash": "267856921275146833003163000135869781896",
"length": 7653.0
},
"deprecated": false
},
{
"id": "CVE-2023-42799-8128653e",
"target": {
"file": "src/Limelight-internal.h"
},
"signature_version": "v1",
"source": "https://github.com/moonlight-stream/moonlight-common-c/commit/50c0a51b10ecc5b3415ea78c21d96d679e2288f9",
"signature_type": "Line",
"digest": {
"line_hashes": [
"138937151939253295641556458528757018166",
"150848591510164444176134670561320576510",
"141605363688541044481589462279622908555",
"258973438493162274745206873229966998034"
],
"threshold": 0.9
},
"deprecated": false
},
{
"id": "CVE-2023-42799-b071c360",
"target": {
"file": "src/RtspConnection.c"
},
"signature_version": "v1",
"source": "https://github.com/moonlight-stream/moonlight-common-c/commit/50c0a51b10ecc5b3415ea78c21d96d679e2288f9",
"signature_type": "Line",
"digest": {
"line_hashes": [
"176392410645551473757290304504647735423",
"92349308075097086908155920676915426031",
"285574399697035579572872130016877408878",
"228172342884939622137310657408087115136",
"194411812651883647785865283725786027313",
"280309381516405937967901095614330029941",
"21674010121518097526876545884449158568",
"299568207986546455845422377632948678955",
"38216044337138339532464182446100492146",
"40153430615842876630110272734696008915",
"96557381653404937290649113920685505916",
"318701121151641294879590171252344670612",
"872027798981297453299085672544947168",
"213813951512645245167203532416459142948",
"276674577814988335607934344724279729806",
"189112153309367876418389791865469626707",
"285046150449608262818265695827656232650",
"204975117690906461705256311130410726675",
"275403468661015685035481777759761985975"
],
"threshold": 0.9
},
"deprecated": false
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-42799.json"
"2026-04-12T04:43:53Z"
[
{
"events": [
{
"introduced": "2022-11-04"
},
{
"fixed": "2023-10-06"
}
]
},
{
"events": [
{
"introduced": "8.4.0"
},
{
"last_affected": "8.5.0"
}
]
},
{
"events": [
{
"introduced": "8.4.0"
},
{
"last_affected": "8.5.0"
}
]
},
{
"events": [
{
"introduced": "10.10"
},
{
"last_affected": "11.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.10.22"
}
]
},
{
"events": [
{
"introduced": "1.12.0"
},
{
"last_affected": "1.14.40"
}
]
},
{
"events": [
{
"introduced": "1.5.4"
},
{
"last_affected": "1.5.27"
}
]
},
{
"events": [
{
"introduced": "0.13"
},
{
"last_affected": "0.13.3"
}
]
},
{
"events": [
{
"introduced": "0.9.2"
},
{
"last_affected": "0.9.3"
}
]
}
]