Unknown · Moonlight-Common-C · CVE-2023-42799
**Name of the Vulnerable Software and Affected Versions**
Moonlight-common-c versions prior to the version containing commit 02b7742f4d19631024bd766bd2bb76715780004e
**Description**
Moonlight-common-c, which contains the core GameStream client code, is affected by a buffer overflow vulnerability. The vulnerability is caused by the unmitigated use of unsafe C functions and improper bounds checking, starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9. A malicious game streaming server could exploit this vulnerability to crash a Moonlight client or to achieve remote code execution (RCE) on the client, especially if exploit mitigations are insufficient or can be bypassed.
**Recommendations**
If you run a Moonlight-common-c version prior to the one containing commit 02b7742f4d19631024bd766bd2bb76715780004e, update to a version that includes the fix for the buffer overflow vulnerability. As a temporary workaround, consider restricting access to the Moonlight client until the update is applied, to minimize the risk of exploitation.