CVE-2023-42799: 
Homebrew vulnerability analysis and mitigation

CVE-2023-42799 affects Moonlight-common-c, which contains the core GameStream client code shared between Moonlight clients. The vulnerability was introduced in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 and fixed in commit 02b7742f4d19631024bd766bd2bb76715780004e. The issue stems from unmitigated usage of unsafe C functions and improper bounds checking in the parseUrlAddrFromRtspUrlString function (GitHub Advisory).

The vulnerability is a buffer overflow in the parseUrlAddrFromRtspUrlString function in RtspConnection.c. The function uses an unsafe strcpy operation to copy server-provided RTSP URL string into urlAddr, a static buffer of length 48, without proper bounds checking. This vulnerability is only triggered when the client selects a video bitrate of at least 15 Mbps. The issue has been assigned a CVSS v3.1 base score of 8.8 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) (GitHub Advisory).

A malicious game streaming server could exploit this vulnerability to crash a Moonlight client or achieve remote code execution (RCE) on the client system if exploit mitigations are insufficient or can be bypassed. The vulnerability requires the user to be tricked into pairing with a malicious host and cannot be exploited through MITM attacks due to public key pinning during the pairing process (GitHub Advisory).

The vulnerability has been patched in commit 02b7742f4d19631024bd766bd2bb76715780004e. Users should upgrade to the latest version of their respective Moonlight clients that includes this fix (GitHub Patch).