CVE-2023-42800
📋 TL;DR
Moonlight-common-c contains a buffer overflow vulnerability in its GameStream client code. A malicious game streaming server could exploit this to crash Moonlight clients or achieve remote code execution on vulnerable systems. This affects all Moonlight clients using vulnerable versions of moonlight-common-c.
💻 Affected Systems
- Moonlight Game Streaming clients using moonlight-common-c library
📦 What is this software?
Moonlight by Moonlight Stream
Moonlight by Moonlight Stream
Moonlight by Moonlight Stream
Moonlight by Moonlight Stream
Moonlight Common C by Moonlight Stream
Moonlight Embedded by Moonlight Stream
Moonlight Switch by Moonlight Stream
Moonlight Tv by Moonlight Stream
Moonlight Vita by Moonlight Stream
Moonlight Xbox by Moonlight Stream
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution on client systems, potentially leading to full system compromise.
Likely Case
Client crashes and denial of service, with RCE possible under certain conditions.
If Mitigated
Client crashes but no code execution if modern exploit mitigations are effective.
🎯 Exploit Status
Exploitation requires a malicious game streaming server, but no authentication is needed to trigger the vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Commit 24750d4b748fefa03d09fcfd6d45056faca354e0 and later
Vendor Advisory: https://github.com/moonlight-stream/moonlight-common-c/security/advisories/GHSA-4927-23jw-rq62
Restart Required: Yes
Instructions:
1. Update moonlight-common-c to commit 24750d4b748fefa03d09fcfd6d45056faca354e0 or later. 2. Rebuild Moonlight client applications. 3. Restart Moonlight clients.
🔧 Temporary Workarounds
Disable GameStream connections
allPrevent Moonlight clients from connecting to untrusted game streaming servers
🧯 If You Can't Patch
- Restrict Moonlight clients to only connect to trusted, known game streaming servers
- Implement network segmentation to isolate Moonlight clients from untrusted networks
🔍 How to Verify
Check if Vulnerable:
Check if Moonlight client uses moonlight-common-c version between vulnerable commits 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 and 24750d4b748fefa03d09fcfd6d45056faca354e0Check Version:
Check build information or source code commit hash in Moonlight clientVerify Fix Applied:
Verify moonlight-common-c is at commit 24750d4b748fefa03d09fcfd6d45056faca354e0 or later📡 Detection & Monitoring
Log Indicators:
- Moonlight client crashes, segmentation faults, or abnormal termination
Network Indicators:
- Unusual RTSP traffic patterns from game streaming servers
SIEM Query:
Search for Moonlight process crashes or segmentation faults in system logs🔗 References
- https://github.com/moonlight-stream/moonlight-common-c/blob/2bb026c763fc18807d7e4a93f918054c488f84e1/src/RtspConnection.c#L796
- https://github.com/moonlight-stream/moonlight-common-c/commit/24750d4b748fefa03d09fcfd6d45056faca354e0
- https://github.com/moonlight-stream/moonlight-common-c/commit/50c0a51b10ecc5b3415ea78c21d96d679e2288f9
- https://github.com/moonlight-stream/moonlight-common-c/security/advisories/GHSA-4927-23jw-rq62
- https://github.com/moonlight-stream/moonlight-common-c/blob/2bb026c763fc18807d7e4a93f918054c488f84e1/src/RtspConnection.c#L796
- https://github.com/moonlight-stream/moonlight-common-c/commit/24750d4b748fefa03d09fcfd6d45056faca354e0
- https://github.com/moonlight-stream/moonlight-common-c/commit/50c0a51b10ecc5b3415ea78c21d96d679e2288f9
- https://github.com/moonlight-stream/moonlight-common-c/security/advisories/GHSA-4927-23jw-rq62
