CVE-2008-5903 — Xrdp vulnerability

CWE-1895 documents5 sources

Severity

7.5HIGHNVD

EPSS

2.0%

top 16.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Neutrinolabs Xrdp Xrdp

Timeline

PublishedJan 15

Latest updateMay 17

Description

Array index error in the xrdp_bitmap_def_proc function in xrdp/funcs.c in xrdp 0.4.1 and earlier allows remote attackers to execute arbitrary code via vectors that manipulate the value of the edit_pos structure member.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶Debianneutrinolabs/xrdp< 0.4.0~dfsg-9+3

▶NVDxrdp/xrdp0.4.1+4

🔴Vulnerability Details

GHSA

GHSA-7rvf-q6wj-wg7q: Array index error in the xrdp_bitmap_def_proc function in xrdp/funcs↗2022-05-17

▶

OSV

CVE-2008-5903: Array index error in the xrdp_bitmap_def_proc function in xrdp/funcs↗2009-01-15

▶

CVEList

CVE-2008-5903: Array index error in the xrdp_bitmap_def_proc function in xrdp/funcs↗2009-01-15

▶

📋Vendor Advisories

Debian

CVE-2008-5903: xrdp - Array index error in the xrdp_bitmap_def_proc function in xrdp/funcs.c in xrdp 0...↗2008

▶