CVSS 3.1 Score 7.6 of 10 (high)


Published Dec 14, 2023
Updated: Dec 27, 2023
CWE ID 120


CVE-2023-42801 is a buffer overflow vulnerability found in the Moonlight GameStream client code, specifically in the moonlight-common-c package. This vulnerability affects various products, including Qt, Android, iOS/tvOS, and Embedded. Exploiting the buffer overflow could potentially crash a Moonlight client, although achieving remote code execution (RCE) is unlikely due to stack canaries used by modern compiler toolchains. The bug was addressed in a commit that fixed the issue. To remediate this vulnerability, users should ensure they are using official clients with stack canaries and avoid pairing with malicious hosts. Although RCE is unlikely, organizations should still be cautious as a compromised Moonlight client could pose risks to confidentiality and availability.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-42801 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options