PT-2023-8235 · Unknown · Moonlight-Common-C
Cgutman · Published 2023-12-14 · Updated 2023-12-27 · CVE-2023-42801
CVSS v3.1: 7.6 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
Name of the Vulnerable Software and Affected Versions
Moonlight-common-c versions prior to the version containing commit b2497a3918a6d79808d9fd0c04734786e70d5954
Description
The issue is a buffer overflow vulnerability in the Moonlight-common-c library, which is used for GameStream client code. A malicious game streaming server could exploit this vulnerability to crash a Moonlight client or potentially achieve remote code execution, although this is considered unlikely due to the use of stack canaries in modern compiler toolchains. The vulnerability can only be exploited after the pairing process and requires the client to be tricked into pairing with a malicious host. Public key pinning during the pairing process prevents exploitation via man-in-the-middle attacks.
Recommendations
For Moonlight-common-c versions prior to the version containing commit b2497a3918a6d79808d9fd0c04734786e70d5954, update to a version that includes the fix for the buffer overflow vulnerability.
As a temporary workaround, consider restricting access to the Moonlight-common-c library until a patch is available.
Avoid pairing Moonlight clients with untrusted or unknown game streaming servers to minimize the risk of exploitation.
Buffer Overflow
Affected Products
Moonlight-Common-C