Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-5904Improper Input Validation in Xrdp

CWE-20Improper Input Validation6 documents6 sources
Severity
7.5HIGHNVD
EPSS
2.8%
top 13.83%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Neutrinolabs XrdpXrdp
Timeline
PublishedJan 15
Latest updateMay 17

Description

The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp.c in xrdp 0.4.1 and earlier allows remote RDP servers to have an unknown impact via input data that sets crafted values for certain length variables, leading to a buffer overflow.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

Debianneutrinolabs/xrdp< 0.4.0~dfsg-9+3
NVDxrdp/xrdp0.4.1+4

🔴Vulnerability Details

3
GHSA
GHSA-3v3g-wjq6-79v9: The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp2022-05-17
OSV
CVE-2008-5904: The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp2009-01-15
CVEList
CVE-2008-5904: The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp2009-01-15

💥Exploits & PoCs

1
Exploit-DB
XRDP 0.4.1 - Remote Buffer Overflow (PoC)2009-04-17

📋Vendor Advisories

1
Debian
CVE-2008-5904: xrdp - The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp.c in xrdp 0.4.1 an...2008
CVE-2008-5904 — Improper Input Validation in Xrdp | cvebase