CVE-2023-42800

Source
https://cve.org/CVERecord?id=CVE-2023-42800
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-42800.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-42800
Aliases
  • GHSA-4927-23jw-rq62
Published
2023-12-14T16:57:44.846Z
Modified
2026-04-12T04:43:53.735472Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Buffer overflow due to use of `strcpy` in `performRtspHandshake`
Details

Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to a buffer overflow starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 due to unmitigated usage of unsafe C functions and improper bounds checking. A malicious game streaming server could exploit the buffer overflow to crash a Moonlight client, or to achieve remote code execution (RCE) on the client (with insufficient exploit mitigations or if mitigations can be bypassed). The bug was addressed in commit 24750d4b748fefa03d09fcfd6d45056faca354e0.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-120"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/42xxx/CVE-2023-42800.json"
}
Affected packages

Git / github.com/moonlight-stream/moonlight-common-c

Affected ranges

Type
GIT
Repo
https://github.com/moonlight-stream/moonlight-common-c
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/moonlight-stream/moonlight-ios
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.6.0"
        }
    ]
}

Affected versions

v0.*
v0.1.0-beta-1
v0.1.0-beta-6
v0.1.0-beta-7
v0.1.0-beta-8
v0.1.0-beta-9
v0.2.0
v0.2.1
v0.2.2
v0.3.0
v0.3.1
v0.4.0
v0.4.1
v0.9.0
v0.9.1
v0.9.2
v1.*
v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.1.3
v1.1.4
v1.2.0
v1.4.0
v1.5.0
v2.*
v2.6.0

Database specific

vanir_signatures_modified
"2026-04-12T04:43:53Z"
vanir_signatures
[
    {
        "id": "CVE-2023-42800-53795dc4",
        "target": {
            "file": "src/Connection.c"
        },
        "deprecated": false,
        "digest": {
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/moonlight-stream/moonlight-common-c/commit/50c0a51b10ecc5b3415ea78c21d96d679e2288f9",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2023-42800-5645fa6f",
        "target": {
            "file": "src/Connection.c",
            "function": "LiStartConnection"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "216749568033953369102299049624660539519",
            "length": 8701.0
        },
        "signature_type": "Function",
        "source": "https://github.com/moonlight-stream/moonlight-common-c/commit/50c0a51b10ecc5b3415ea78c21d96d679e2288f9",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2023-42800-6cbf9cf6",
        "target": {
            "file": "src/RtspConnection.c"
        },
        "deprecated": false,
        "digest": {
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/moonlight-stream/moonlight-common-c/commit/24750d4b748fefa03d09fcfd6d45056faca354e0",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2023-42800-71458f6b",
        "target": {
            "file": "src/RtspConnection.c",
            "function": "performRtspHandshake"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "267856921275146833003163000135869781896",
            "length": 7653.0
        },
        "signature_type": "Function",
        "source": "https://github.com/moonlight-stream/moonlight-common-c/commit/50c0a51b10ecc5b3415ea78c21d96d679e2288f9",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2023-42800-7be46cfd",
        "target": {
            "file": "src/RtspConnection.c",
            "function": "performRtspHandshake"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "296101530799337265766383468572227426661",
            "length": 9659.0
        },
        "signature_type": "Function",
        "source": "https://github.com/moonlight-stream/moonlight-common-c/commit/24750d4b748fefa03d09fcfd6d45056faca354e0",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2023-42800-8128653e",
        "target": {
            "file": "src/Limelight-internal.h"
        },
        "deprecated": false,
        "digest": {
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/moonlight-stream/moonlight-common-c/commit/50c0a51b10ecc5b3415ea78c21d96d679e2288f9",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2023-42800-b071c360",
        "target": {
            "file": "src/RtspConnection.c"
        },
        "deprecated": false,
        "digest": {
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/moonlight-stream/moonlight-common-c/commit/50c0a51b10ecc5b3415ea78c21d96d679e2288f9",
        "signature_version": "v1"
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-42800.json"
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "2022-11-04"
            },
            {
                "fixed": "2023-10-06"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "8.4.0"
            },
            {
                "last_affected": "8.5.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "8.4.0"
            },
            {
                "last_affected": "8.5.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "10.10"
            },
            {
                "last_affected": "11.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.10.22"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "1.12.0"
            },
            {
                "last_affected": "1.14.40"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "1.5.4"
            },
            {
                "last_affected": "1.5.27"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0.13"
            },
            {
                "last_affected": "0.13.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0.9.2"
            },
            {
                "last_affected": "0.9.3"
            }
        ]
    }
]