CVE-2022-23483
Published 2022-12-09. CVE-2022-23483: xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains an Out…
Priority: P347 · critical · 9.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS: 0.82% (52.7th percentile)
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).
xrdp < v0.9.21 contains an Out-of-Bounds Read in the libxrdp_send_to_channel() function. There are no known workarounds for this issue. Users are advised to upgrade.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | xrdp | < xrdp 0.9.21.1-1 (bookworm) | xrdp 0.9.21.1-1 (bookworm) |
| neutrinolabs | xrdp | < 0.9.21 | 0.9.21 |
| neutrinolabs | xrdp | >= 0 < 0.9.21.1-1~deb11u1 | 0.9.21.1-1~deb11u1 |
| neutrinolabs | xrdp | >= 0 < 0.9.21.1-1 | 0.9.21.1-1 |
| neutrinolabs | xrdp | >= 0 < 0.9.21.1-1 | 0.9.21.1-1 |
| neutrinolabs | xrdp | >= 0 < 0.9.21.1-1 | 0.9.21.1-1 |
| neutrinolabs | xrdp | >= 0 < 0.6.0-1ubuntu0.1+esm3 | 0.6.0-1ubuntu0.1+esm3 |
| neutrinolabs | xrdp | >= 0 < 0.6.1-2ubuntu0.3+esm3 | 0.6.1-2ubuntu0.3+esm3 |
| neutrinolabs | xrdp | >= 0 < 0.9.5-2ubuntu0.1~esm2 | 0.9.5-2ubuntu0.1~esm2 |
| neutrinolabs | xrdp | >= 0 < 0.9.12-1ubuntu0.1+esm1 | 0.9.12-1ubuntu0.1+esm1 |
| neutrinolabs | xrdp | >= 0 < 0.9.17-2ubuntu2+esm1 | 0.9.17-2ubuntu2+esm1 |
CVSS provenance

| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
| osv | 9.8 | CRITICAL | — |
| vendor_debian | 7.5 | HIGH | — |
| vendor_ubuntu | 6.5 | MEDIUM | — |
Ubuntu
xrdp vulnerabilities
vendor_ubuntu·2023-11-08·CVSS 6.5
CVE-2022-23468 [MEDIUM] xrdp vulnerabilities
Title: xrdp vulnerabilities
Summary: Several security issues were fixed in xrdp.
It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds reads. An attacker could possibly use this issue to crash the program or extract sensitive information. (CVE-2022-23479, CVE-2022-23481, CVE-2022-23483, CVE-2023-42822)

It was discovered that xrdp improperly handled session establishment errors. An attacker could potentially use this issue to bypass the OS-level session restrictions by PAM. (CVE-2023-40184)

It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds writes. An attacker could possibly use this issue to cause memory corruption or execute arbitrary code. This issue only
Debian
CVE-2022-23483: xrdp - xrdp is an open source project which provides a graphical login to remote machin...
vendor_debian·2022·CVSS 7.5
CVE-2022-23483 [HIGH] CVE-2022-23483: xrdp - xrdp is an open source project which provides a graphical login to remote machin...
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains an Out-of-Bounds Read in the libxrdp_send_to_channel() function. There are no known workarounds for this issue. Users are advised to upgrade.
Scope: local
bookworm: resolved (fixed in 0.9.21.1-1)
bullseye: resolved (fixed in 0.9.21.1-1~deb11u1)
forky: resolved (fixed in 0.9.21.1-1)
sid: resolved (fixed in 0.9.21.1-1)
trixie: resolved (fixed in 0.9.21.1-1)
OSV
xrdp vulnerabilities
osv·2023-11-08·CVSS 9.8
CVE-2022-23479 [CRITICAL] xrdp vulnerabilities
xrdp vulnerabilities
It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds reads. An attacker could possibly use this issue to crash the program or extract sensitive information. (CVE-2022-23479, CVE-2022-23481, CVE-2022-23483, CVE-2023-42822)

It was discovered that xrdp improperly handled session establishment errors. An attacker could potentially use this issue to bypass the OS-level session restrictions by PAM. (CVE-2023-40184)

It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds writes. An attacker could possibly use this issue to cause memory corruption or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04
OSV
CVE-2022-23483: xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP)
osv·2022-12-09·CVSS 9.1
CVE-2022-23483 [CRITICAL] CVE-2022-23483: xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP)
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains an Out-of-Bounds Read in the libxrdp_send_to_channel() function. There are no known workarounds for this issue. Users are advised to upgrade.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-12-09