7.6 - CVE-2023-42801

Executive Summary

Informations
Name	CVE-2023-42801	First vendor Publication	2023-12-14
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
Overall CVSS Score	7.6
Base Score	7.6	Environmental Score	7.6
impact SubScore	4.7	Temporal Score	7.6
Exploitabality Sub Score	2.8

Attack Vector	Network	Attack Complexity	Low
Privileges Required	None	User Interaction	Required
Scope	Unchanged	Confidentiality Impact	Low
Integrity Impact	Low	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score	N/A	Attack Range	N/A
Cvss Impact Score	N/A	Attack Complexity	N/A
Cvss Expoit Score	N/A	Authentication	N/A
Calculate full CVSS 2.0 Vectors scores

Detail

Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit f57bd745b4cbed577ea654fad4701bea4d38b44c. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client. Achieving RCE is possible but unlikely, due to stack canaries in use by modern compiler toolchains. The published binaries for official clients Qt, Android, iOS/tvOS, and Embedded are built with stack canaries, but some unofficial clients may not use stack canaries. This vulnerability takes place after the pairing process, so it requires the client to be tricked into pairing to a malicious host. It is not possible to perform using a man-in-the-middle due to public key pinning that takes place during the pairing process. The bug was addressed in commit b2497a3918a6d79808d9fd0c04734786e70d5954.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42801

CPE : Common Platform Enumeration

Type	Description	Count
Application	Moonlight-Stream Moonlight cpe:2.3:a:moonlight-stream:moonlight:0.10.22:::::chrome:: cpe:2.3:a:moonlight-stream:moonlight::::::iphone_os::* cpe:2.3:a:moonlight-stream:moonlight::::::tvos::* cpe:2.3:a:moonlight-stream:moonlight::::::android::* cpe:2.3:a:moonlight-stream:moonlight::::::chrome::*	5
Application	Moonlight-Stream Moonlight Embedded cpe:2.3:a:moonlight-stream:moonlight_embedded:2.6.0:::::::* cpe:2.3:a:moonlight-stream:moonlight_embedded::::::::	2
Application	Moonlight-Stream Moonlight Switch cpe:2.3:a:moonlight-stream:moonlight_switch::::::::	1
Application	Moonlight-Stream Moonlight Tv cpe:2.3:a:moonlight-stream:moonlight_tv::::::::	1
Application	Moonlight-Stream Moonlight Vita cpe:2.3:a:moonlight-stream:moonlight_vita::::::::	1
Application	Moonlight-Stream Moonlight-Common-C cpe:2.3:a:moonlight-stream:moonlight-common-c::::::::	1

Sources (Detail)

https://github.com/moonlight-stream/moonlight-common-c/blob/c1744de06938b5a5c...
https://github.com/moonlight-stream/moonlight-common-c/commit/b2497a3918a6d79...
https://github.com/moonlight-stream/moonlight-common-c/commit/f57bd745b4cbed5...
https://github.com/moonlight-stream/moonlight-common-c/security/advisories/GH...

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-25 09:29:50	Multiple Updates
2023-12-28 00:27:37	Multiple Updates
2023-12-14 21:27:24	First insertion

7.6 - CVE-2023-42801

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CPE : Common Platform Enumeration

Sources (Detail)

Alert History

Global Informations

Open Standards

COMPANY

STANDARDS

RECENT POSTS

MENU