Vulnerability CVE-2018-20178: Information

Description

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function process_demand_active() that results in a Denial of Service (segfault).

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2018-20178
Published: March 15, 2019
Modified: Sept. 15, 2019
Error type identifier: CWE-125

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
rdesktopsisyphus1.8.4-alt11.9.0-alt1ALT-PU-2019-2898-1239159Fixed
rdesktopp101.8.4-alt11.9.0-alt1ALT-PU-2019-2898-1239159Fixed
rdesktopp91.9.0-alt11.9.0-alt1ALT-PU-2020-1636-1248614Fixed
rdesktopc10f11.8.4-alt11.9.0-alt1ALT-PU-2019-2898-1239159Fixed
rdesktopc9f21.9.0-alt11.9.0-alt1ALT-PU-2020-1636-1248614Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
  • Exploit
  • Third Party Advisory
https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1
  • Patch
  • Third Party Advisory
DSA-4394
  • Third Party Advisory
GLSA-201903-06
  • Third Party Advisory
[debian-lts-announce] 20190219 [SECURITY] [DLA 1683-1] rdesktop security update
  • Mailing List
  • Third Party Advisory
106938
  • Third Party Advisory
  • VDB Entry
openSUSE-SU-2019:2135

      1. Configuration 1

        cpe:2.3:a:rdesktop:rdesktop:*:*:*:*:*:*:*:*
        End including
        1.8.3

        Configuration 2

        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
        cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.4.2
    Back to top