Vulnerability CVE-2018-8795: Information

Description

rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2018-8795
Published: Feb. 5, 2019
Modified: Sept. 29, 2020
Error type identifier: CWE-787CWE-190

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
rdesktopsisyphus1.8.4-alt11.9.0-alt1ALT-PU-2019-2898-1239159Fixed
rdesktopp101.8.4-alt11.9.0-alt1ALT-PU-2019-2898-1239159Fixed
rdesktopp91.9.0-alt11.9.0-alt1ALT-PU-2020-1636-1248614Fixed
rdesktopc10f11.8.4-alt11.9.0-alt1ALT-PU-2019-2898-1239159Fixed
rdesktopc9f21.9.0-alt11.9.0-alt1ALT-PU-2020-1636-1248614Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1
  • Patch
  • Third Party Advisory
106938
  • Third Party Advisory
  • VDB Entry
DSA-4394
  • Third Party Advisory
[debian-lts-announce] 20190219 [SECURITY] [DLA 1683-1] rdesktop security update
  • Mailing List
  • Third Party Advisory
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
  • Third Party Advisory
GLSA-201903-06
  • Third Party Advisory
openSUSE-SU-2019:2135
  • Mailing List
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:rdesktop:rdesktop:*:*:*:*:*:*:*:*
      End including
      1.8.3

      Configuration 2

      cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
      cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.4.2
Back to top