xrdp is an open source remote desktop protocol (RDP) server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is able to locally access a sesman server to execute code as root. This vulnerability has been patched in version 0.9.18.1 and above. Users are advised to upgrade. There are no known workarounds.
References
Configurations
History
07 Nov 2023, 03:44
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
15 Mar 2022, 16:39
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* |
|
First Time |
Fedoraproject fedora
Fedoraproject |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K5ONRGARKHGFU2CIEQ7E6M6VJZEM5XWW/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3XGFJNQMNXHBD3J7CBM4YURYEDXROWZ/ - Mailing List, Third Party Advisory |
17 Feb 2022, 05:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Feb 2022, 15:11
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:neutrinolabs:xrdp:0.9.17:*:*:*:*:*:*:* cpe:2.3:a:neutrinolabs:xrdp:0.9.18:*:*:*:*:*:*:* |
|
First Time |
Neutrinolabs xrdp
Neutrinolabs |
|
CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 7.8 |
References | (CONFIRM) https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-8h98-h426-xf32 - Third Party Advisory | |
References | (MISC) https://github.com/neutrinolabs/xrdp/commit/4def30ab8ea445cdc06832a44c3ec40a506a0ffa - Patch, Third Party Advisory |
07 Feb 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-02-07 22:15
Updated : 2023-12-10 14:09
NVD link : CVE-2022-23613
Mitre link : CVE-2022-23613
CVE.ORG link : CVE-2022-23613
JSON object : View
Products Affected
neutrinolabs
- xrdp
fedoraproject
- fedora
CWE
CWE-191
Integer Underflow (Wrap or Wraparound)