CVE-2017-16927: Improper Restriction of Operations within the Bounds of a Memory Buffer in Xrdp

Severity: 8.4 HIGH (NVD)
EPSS: 0.1% (top 72.45%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 23, 2017; latest update May 13, 2022

Description

The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted input stream.
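The defect class in the description, an attacker-controlled length prefix used directly as the size of a copy into a fixed buffer, is easier to see in code. The following C block is an added illustration, not code from xrdp: it models a field as a 16-bit big-endian length followed by that many bytes and a 256-byte destination, which are assumptions, and the names (scp_stream, scp_read_field_unchecked, scp_read_field_checked, the demo_* helpers) are hypothetical. The unchecked reader shows the shape of the bug; the checked reader shows the two bounds a practitioner wants before any memcpy: the destination size and the bytes actually left in the stream.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Added example, not code from xrdp. Field layout (16-bit big-endian
 * length, then payload) and the 256-byte destination are assumptions;
 * all names are hypothetical. */
typedef struct {
    const uint8_t *data;
    size_t len;
    size_t pos;
} scp_stream;

#define SCP_FIELD_MAX 255   /* 256-byte buffer: 255 chars plus NUL */

enum { SCP_OK = 0, SCP_ERR_TRUNCATED = -1, SCP_ERR_TOO_LONG = -2 };

/* Read a 16-bit big-endian length prefix, refusing to read past the end. */
static int scp_read_u16(scp_stream *s, uint16_t *out)
{
    if (s->len - s->pos < 2)
        return SCP_ERR_TRUNCATED;
    *out = (uint16_t)((s->data[s->pos] << 8) | s->data[s->pos + 1]);
    s->pos += 2;
    return SCP_OK;
}

/* Vulnerable shape: the peer-supplied length is the copy size. Any value
 * above 255 writes past buf[] (and reads past the stream). Kept only for
 * contrast; it must never be fed untrusted input. */
int scp_read_field_unchecked(scp_stream *s, char buf[256])
{
    uint16_t sz;
    if (scp_read_u16(s, &sz) != SCP_OK)
        return SCP_ERR_TRUNCATED;
    memcpy(buf, s->data + s->pos, sz);   /* sz may be up to 65535 */
    buf[sz] = '\0';
    s->pos += sz;
    return SCP_OK;
}

/* Hardened form: bound the length against the destination and against the
 * bytes actually present before any memory is touched. */
int scp_read_field_checked(scp_stream *s, char buf[256])
{
    uint16_t sz;
    if (scp_read_u16(s, &sz) != SCP_OK)
        return SCP_ERR_TRUNCATED;
    if (sz > SCP_FIELD_MAX)
        return SCP_ERR_TOO_LONG;
    if (s->len - s->pos < sz)
        return SCP_ERR_TRUNCATED;
    memcpy(buf, s->data + s->pos, sz);
    buf[sz] = '\0';
    s->pos += sz;
    return SCP_OK;
}

/* Constructed sample streams (not captured traffic). */
static const uint8_t kValidStream[]     = { 0x00, 0x05, 'a', 'l', 'i', 'c', 'e' };
static const uint8_t kOversizedStream[] = { 0x04, 0x00, 'A', 'A', 'A', 'A' }; /* claims 1024 bytes */
static const uint8_t kTruncatedStream[] = { 0x00, 0x10, 'a', 'b', 'c' };      /* claims 16, carries 3 */

/* 1 if a well-formed field parses to "alice" and consumes the whole stream. */
int demo_valid(void)
{
    scp_stream s = { kValidStream, sizeof kValidStream, 0 };
    char buf[256];
    if (scp_read_field_checked(&s, buf) != SCP_OK)
        return 0;
    return strcmp(buf, "alice") == 0 && s.pos == sizeof kValidStream;
}

/* The crafted length the unchecked reader would have used as a write size. */
int demo_oversized(void)
{
    scp_stream s = { kOversizedStream, sizeof kOversizedStream, 0 };
    char buf[256];
    return scp_read_field_checked(&s, buf);
}

/* A length that fits the buffer but not the bytes on the wire. */
int demo_truncated(void)
{
    scp_stream s = { kTruncatedStream, sizeof kTruncatedStream, 0 };
    char buf[256];
    return scp_read_field_checked(&s, buf);
}

/* Boundary probe: the stream carries 256 payload bytes, so only the
 * destination bound decides whether sz is accepted. */
int demo_boundary(uint16_t sz)
{
    uint8_t msg[2 + 256];
    msg[0] = (uint8_t)(sz >> 8);
    msg[1] = (uint8_t)(sz & 0xff);
    memset(msg + 2, 'x', 256);
    scp_stream s = { msg, sizeof msg, 0 };
    char buf[256];
    return scp_read_field_checked(&s, buf);
}

int main(void)
{
    printf("valid=%d oversized=%d truncated=%d sz255=%d sz256=%d\n",
           demo_valid(), demo_oversized(), demo_truncated(),
           demo_boundary(255), demo_boundary(256));
    return 0;
}
```

The oversized stream is the interesting case: the unchecked reader would trust the 0x0400 prefix and copy 1024 bytes into a 256-byte stack buffer, which is exactly the crash (or worse) the description warns about; the checked reader rejects it before the copy. The truncated case is the companion check that is easy to forget, a length that fits the buffer but exceeds what the stream actually holds, which would otherwise turn into an out-of-bounds read.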

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (Exploitability: 2.5 | Impact: 5.9)
Decoded: local attack vector, low attack complexity, no privileges or user interaction required, unchanged scope, and high confidentiality, integrity and availability impact. The local vector is consistent with the description, which limits the trigger to local users supplying the crafted input stream to sesman.

Affected Packages (3 packages)

Debian: neutrinolabs/xrdp < 0.9.4-3+3
Ubuntu: neutrinolabs/xrdp < 0.6.0-1ubuntu0.1+esm1+1

Also affects: Debian Linux 7.0

Patches

Vulnerability Details (4)

GHSA: GHSA-26g9-q99r-c973: The scp_v0s_accept function in sesman/libscp/libscp_v0... (2022-05-13)
OSV: xrdp vulnerabilities (2021-03-15)
CVEList: CVE-2017-16927: The scp_v0s_accept function in sesman/libscp/libscp_v0... (2017-11-23)
OSV: CVE-2017-16927: The scp_v0s_accept function in sesman/libscp/libscp_v0... (2017-11-23)

Vendor Advisories (2)

Ubuntu: xrdp vulnerabilities (2021-03-15)
Debian: CVE-2017-16927: xrdp - The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager ... (2017)

Community (3)

Bugzilla: CVE-2017-16927 xrdp: Buffer-overflow in scp_v0s_accept function in session manager [epel-all] (2017-11-23)
Bugzilla: CVE-2017-16927 xrdp: Buffer-overflow in scp_v0s_accept function in session manager [fedora-all] (2017-11-23)
Bugzilla: CVE-2017-16927 xrdp: Buffer-overflow in scp_v0s_accept function in session manager (2017-11-23)
CVE-2017-16927 — Neutrinolabs Xrdp vulnerability | cvebase