CVE-2018-20179Integer Underflow (Wrap or Wraparound) in Rdesktop

CWE-191Integer Underflow (Wrap or Wraparound)CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents6 sources
Severity
9.8CRITICALNVD
EPSS
7.5%
top 8.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
RdesktopDebian Rdesktop
Timeline
PublishedMar 15
Latest updateMay 14

Description

rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function lspci_process() and results in memory corruption and probably even a remote code execution.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

debiandebian/rdesktop< rdesktop 1.8.4-1 (bookworm)
Debianrdesktop/rdesktop< 1.8.4-1+3

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-4q64-7w7g-5x5w: rdesktop versions up to and including v12022-05-14
OSV
CVE-2018-20179: rdesktop versions up to and including v12019-03-15

📋Vendor Advisories

2
Red Hat
rdesktop: Remote code execution in lspci_process2019-01-04
Debian
CVE-2018-20179: rdesktop - rdesktop versions up to and including v1.8.3 contain an Integer Underflow that l...2018

💬Community

2
Bugzilla
CVE-2018-20174 CVE-2018-20175 CVE-2018-20176 CVE-2018-20177 CVE-2018-20178 CVE-2018-20179 CVE-2018-20180 CVE-2018-20181 CVE-2018-20182 CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8794 CVE-2018-2019-01-29
Bugzilla
CVE-2018-20179 rdesktop: Remote code execution in lspci_process2019-01-29