Note:
This project will be discontinued after December 13, 2021. [more]
2019-03-15
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function process_demand_active() that results in a Denial of Service (segfault).
Products | Debian_linux, Rdesktop |
Type | Out-of-bounds Read (CWE-125) |
First patch |
https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1 |
Relevant file/s |
• ./asn.c (modified, +1, -1)
• ./bitmap.c (modified, +4, -4) • ./cliprdr.c (modified, +6) • ./constants.h (modified, +3) • ./cssp.c (modified, +16, -1)
• ./lspci.c (modified, +8, -1)
• ./mcs.c (modified, +18, -2) • ./orders.c (modified, +6) • ./proto.h (modified, +2, -1) • ./rdp.c (modified, +132, -60) • ./rdpdr.c (modified, +11) • ./rdpsnd.c (modified, +11) • ./seamless.c (modified, +12) • ./secure.c (modified, +17) • ./stream.h (modified, +1, -1) • ./types.h (modified, +2) |
Links |
• https://security.gentoo.org/glsa/201903-06
• https://www.debian.org/security/2019/dsa-4394 • http://www.securityfocus.com/bid/106938 • https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/ • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html |
Navigation
Patch data:
Patched area:
(on by default)
Patched area: