CVE-2022-23483
published 2022-12-09


Priority: P347
CVSS 3.1: 9.1 (critical), vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS: 0.82% (52.7th percentile)
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp versions before 0.9.21 contain an out-of-bounds read in the libxrdp_send_to_channel() function. There are no known workarounds for this issue; users are advised to upgrade to 0.9.21 or to the distribution package listed under "Fixed in" below.

Affected (12 ranges)

Vendor         Product        Version range                      Fixed in
debian         debian_linux   (not given)                        (not given)
debian         xrdp           < xrdp 0.9.21.1-1 (bookworm)       xrdp 0.9.21.1-1 (bookworm)
neutrinolabs   xrdp           < 0.9.21                           0.9.21
neutrinolabs   xrdp           >= 0, < 0.9.21.1-1~deb11u1         0.9.21.1-1~deb11u1
neutrinolabs   xrdp           >= 0, < 0.9.21.1-1                 0.9.21.1-1
neutrinolabs   xrdp           >= 0, < 0.9.21.1-1                 0.9.21.1-1
neutrinolabs   xrdp           >= 0, < 0.9.21.1-1                 0.9.21.1-1
neutrinolabs   xrdp           >= 0, < 0.6.0-1ubuntu0.1+esm3      0.6.0-1ubuntu0.1+esm3
neutrinolabs   xrdp           >= 0, < 0.6.1-2ubuntu0.3+esm3      0.6.1-2ubuntu0.3+esm3
neutrinolabs   xrdp           >= 0, < 0.9.5-2ubuntu0.1~esm2      0.9.5-2ubuntu0.1~esm2
neutrinolabs   xrdp           >= 0, < 0.9.12-1ubuntu0.1+esm1     0.9.12-1ubuntu0.1+esm1
neutrinolabs   xrdp           >= 0, < 0.9.17-2ubuntu2+esm1       0.9.17-2ubuntu2+esm1
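The distro rows above carry backported fixes whose version strings (0.6.0-1ubuntu0.1+esm3, 0.9.21.1-1~deb11u1) sort below the upstream 0.9.21 under any naive comparison, so a scanner that checks every host against 0.9.21 flags patched ESM and bullseye machines as vulnerable. The following is an added example, not part of this advisory or of the xrdp project: it re-implements dpkg's version ordering (epoch first, '~' sorting before everything including end-of-string, digit runs compared numerically) and checks an installed package version against the "Fixed in" value for its origin. The FIXED_IN keys are our own labels ('~deb11u1' is read as a Debian 11, bullseye, security update; the Ubuntu rows are labelled by the upstream line they patch because the page does not name the Ubuntu releases), and the installed-version strings in __main__ are constructed for illustration.

```python
"""Version check for CVE-2022-23483 against the 'Fixed in' column above.

Added example, not the advisory's or xrdp's own code. Implements dpkg's
version ordering so distro backport strings compare correctly.
"""


def _isdigit(c: str) -> bool:
    """ASCII digit test; str.isdigit() also accepts Unicode digits."""
    return "0" <= c <= "9"


def _order(c: str) -> int:
    """dpkg weight of one non-digit char: '~' < end-of-string < letters < others."""
    if c == "~":
        return -1
    if _isdigit(c):
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _verrevcmp(a: str, b: str) -> int:
    """Compare two upstream-version or revision fragments like dpkg (<0, 0, >0)."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # Non-digit run: compare character weights; a missing character weighs 0,
        # so '1~x' < '1' but '1' < '1a'.
        while (i < len(a) and not _isdigit(a[i])) or (j < len(b) and not _isdigit(b[j])):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit run: drop leading zeros, the longer run is larger, otherwise the
        # first differing digit decides (so 21 > 5, unlike string order).
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and _isdigit(a[i]) and j < len(b) and _isdigit(b[j]):
            if first_diff == 0:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and _isdigit(a[i]):
            return 1
        if j < len(b) and _isdigit(b[j]):
            return -1
        if first_diff:
            return first_diff
    return 0


def dpkg_compare(a: str, b: str) -> int:
    """Return -1, 0 or 1 for a <, ==, > b under Debian package version ordering."""
    def split(v: str):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), upstream, revision

    ea, ua, ra = split(a)
    eb, ub, rb = split(b)
    if ea != eb:
        return 1 if ea > eb else -1
    for x, y in ((ua, ub), (ra, rb)):
        r = _verrevcmp(x, y)
        if r:
            return 1 if r > 0 else -1
    return 0


# 'Fixed in' values copied from the Affected table on this page. Key names are
# ours (assumption): '~deb11u1' marks a Debian 11 (bullseye) update; Ubuntu rows
# are labelled by the upstream line they patch. Each distro row must be compared
# against the installed *package* version, never against upstream 0.9.21.
FIXED_IN = {
    "upstream": "0.9.21",
    "debian bookworm": "0.9.21.1-1",
    "debian bullseye": "0.9.21.1-1~deb11u1",
    "ubuntu esm 0.6.0": "0.6.0-1ubuntu0.1+esm3",
    "ubuntu esm 0.6.1": "0.6.1-2ubuntu0.3+esm3",
    "ubuntu esm 0.9.5": "0.9.5-2ubuntu0.1~esm2",
    "ubuntu esm 0.9.12": "0.9.12-1ubuntu0.1+esm1",
    "ubuntu esm 0.9.17": "0.9.17-2ubuntu2+esm1",
}


def is_vulnerable(installed: str, origin: str) -> bool:
    """True when the installed xrdp version is older than the fix for its origin."""
    return dpkg_compare(installed, FIXED_IN[origin]) < 0


if __name__ == "__main__":
    # Constructed sample inputs (what `dpkg-query -W -f='${Version}' xrdp` returns).
    for installed, origin in [
        ("0.9.20", "upstream"),
        ("0.9.21.1-1~deb11u1", "debian bullseye"),
        ("0.6.0-1ubuntu0.1+esm2", "ubuntu esm 0.6.0"),
        ("0.6.0-1ubuntu0.1+esm3", "upstream"),  # wrong origin: patched host flagged
    ]:
        print(f"{installed:24} vs {FIXED_IN[origin]:24} vulnerable={is_vulnerable(installed, origin)}")
```

On a Debian or Ubuntu host the reference ordering is `dpkg --compare-versions`, which can be used to cross-check any result here. The last sample line is the caveat: an ESM package at its fixed version still compares below 0.9.21, so the origin must be chosen from the package's own revision suffix, not from the upstream number alone.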

CVSS provenance

Source          Score   Severity   Vector
nvd (v3.1)      9.1     CRITICAL   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
osv             9.8     CRITICAL
vendor_debian   7.5     HIGH
vendor_ubuntu   6.5     MEDIUM

The NVD vector rates an unauthenticated, network-reachable read with high confidentiality and availability impact and no integrity impact; the Debian and Ubuntu maintainers score the same bug lower. Use the NVD vector for triage, but verify remediation against the distribution's own "Fixed in" version rather than the upstream 0.9.21 number.