Vulnerability CVE-2018-8794: Information
Description
rdesktop versions up to and including v1.8.3 contain an integer overflow that leads to an out-of-bounds write in the function process_bitmap_updates(), resulting in memory corruption and possibly even remote code execution.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: Feb. 5, 2019
Modified: Sept. 29, 2020
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
rdesktop | sisyphus | 1.8.4-alt1 | 1.9.0-alt1 | ALT-PU-2019-2898-1 | 239159 | Fixed |
rdesktop | p10 | 1.8.4-alt1 | 1.9.0-alt1 | ALT-PU-2019-2898-1 | 239159 | Fixed |
rdesktop | p9 | 1.9.0-alt1 | 1.9.0-alt1 | ALT-PU-2020-1636-1 | 248614 | Fixed |
rdesktop | c10f1 | 1.8.4-alt1 | 1.9.0-alt1 | ALT-PU-2019-2898-1 | 239159 | Fixed |
rdesktop | c9f2 | 1.9.0-alt1 | 1.9.0-alt1 | ALT-PU-2020-1636-1 | 248614 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1 | |
106938 | |
DSA-4394 | |
[debian-lts-announce] 20190219 [SECURITY] [DLA 1683-1] rdesktop security update | |
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/ | |
GLSA-201903-06 | |
openSUSE-SU-2019:2135 | |