cbcvebase.
CVE-2017-16927
published 2017-11-23

CVE-2017-16927: The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows…

PriorityP431high8.4CVSS 3.0
AVLACLPRNUINSUCHIHAH
EPSS
0.41%
32.6th percentile
The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted input stream.

Affected

9 ranges
VendorProductVersion rangeFixed in
debiandebian_linux
debianxrdp< xrdp 0.9.4-3 (bookworm)xrdp 0.9.4-3 (bookworm)
neutrinolabsxrdp<= 0.9.4
neutrinolabsxrdp>= 0 < 0.9.4-30.9.4-3
neutrinolabsxrdp>= 0 < 0.9.4-30.9.4-3
neutrinolabsxrdp>= 0 < 0.9.4-30.9.4-3
neutrinolabsxrdp>= 0 < 0.9.4-30.9.4-3
neutrinolabsxrdp>= 0 < 0.6.0-1ubuntu0.1+esm10.6.0-1ubuntu0.1+esm1
neutrinolabsxrdp>= 0 < 0.6.1-2ubuntu0.3+esm10.6.1-2ubuntu0.3+esm1

CVSS provenance

nvdv3.08.4HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
osv8.4HIGH
vendor_debian8.4HIGH
vendor_ubuntu8.4HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.