Vulnerability CVE-2018-20178: Information
Description
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function process_demand_active() that results in a Denial of Service (segfault).
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
rdesktop | sisyphus | 1.8.4-alt1 | 1.9.0-alt1 | ALT-PU-2019-2898-1 | 239159 | Fixed |
rdesktop | p10 | 1.8.4-alt1 | 1.9.0-alt1 | ALT-PU-2019-2898-1 | 239159 | Fixed |
rdesktop | p9 | 1.9.0-alt1 | 1.9.0-alt1 | ALT-PU-2020-1636-1 | 248614 | Fixed |
rdesktop | c10f1 | 1.8.4-alt1 | 1.9.0-alt1 | ALT-PU-2019-2898-1 | 239159 | Fixed |
rdesktop | c9f2 | 1.9.0-alt1 | 1.9.0-alt1 | ALT-PU-2020-1636-1 | 248614 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/ | |
https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1 | |
DSA-4394 | |
GLSA-201903-06 | |
[debian-lts-announce] 20190219 [SECURITY] [DLA 1683-1] rdesktop security update | |
106938 | |
openSUSE-SU-2019:2135 | |