ID:

CVE-2018-20177 (NVD)

- Vulnerability Info (edit)
2019-03-15

rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution.

Products Rdesktop
Type Integer Overflow or Wraparound (CWE-190)
First patch https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1
Relevant file/s • ./asn.c (modified, +1, -1)
• ./bitmap.c (modified, +4, -4)
• ./cliprdr.c (modified, +6)
• ./constants.h (modified, +3)
• ./cssp.c (modified, +16, -1)
• ./lspci.c (modified, +8, -1)
• ./mcs.c (modified, +18, -2)
• ./orders.c (modified, +6)
• ./proto.h (modified, +2, -1)
• ./rdp.c (modified, +132, -60)
• ./rdpdr.c (modified, +11)
• ./rdpsnd.c (modified, +11)
• ./seamless.c (modified, +12)
• ./secure.c (modified, +17)
• ./stream.h (modified, +1, -1)
• ./types.h (modified, +2)
Links https://www.debian.org/security/2019/dsa-4394
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
http://www.securityfocus.com/bid/106938
https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html
https://security.gentoo.org/glsa/201903-06
Annotation

Note:

This entry has not been annotated yet.

Please consider adding data:

rdesktop - Tree: 4dca546d04

(? files)

Filter Settings
Files
Navigation
Patch data:

(on by default)


Patched area: