cbcvebase.

Neutrinolabs Xrdp vulnerabilities

31 known vulnerabilities affecting neutrinolabs/xrdp.

Total CVEs
31
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL15HIGH11MEDIUM5

Vulnerabilities

Page 1 of 2
CVE-2008-5904P3HIGHCVSS 7.5PoC≥ 0, < 0.4.0~dfsg-92009-01-15
CVE-2008-5904 [HIGH] CVE-2008-5904: The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp.c in xrdp 0.4.1 and earlier allows remote RDP servers to have an unknown impact via input data that sets crafted values for certain length variables, leading to a buffer overflow.
osv
CVE-2025-68670P2CRITICALCVSS 9.8fixed in 0.10.52026-01-27
CVE-2025-68670 [CRITICAL] CWE-121 CVE-2025-68670: xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffe xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing user domain information during the connection sequence. If exploited, the vulnerability could allow remote attackers to execute arbitrary code on the target syst
nvdosv
CVE-2026-35512P2HIGHCVSS 8.8fixed in 0.10.62026-04-17
CVE-2026-35512 [HIGH] CWE-122 CVE-2026-35512: xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX (graphics dynamic virtual channel) implementation due to insufficient validation of client-controlled size parameters, allowing an out-of-bounds write via crafted PDUs. Pre-authentication exploitation can crash the process, while post-authentication
nvd
CVE-2026-33689P3CRITICALCVSS 9.1fixed in 0.10.62026-04-17
CVE-2026-33689 [CRITICAL] CWE-125 CVE-2026-33689: xrdp is an open source RDP server. Versions through 0.10.5 have an out-of-bounds read vulnerability xrdp is an open source RDP server. Versions through 0.10.5 have an out-of-bounds read vulnerability in the pre-authentication RDP message parsing logic. A remote, unauthenticated attacker can trigger this flaw by sending a specially crafted sequence of packets during the initial connection phase. This vulnerability results from insufficient validat
nvd
CVE-2024-39917P3CRITICALCVSS 9.8fixed in 0.10.0≤ 0.10.02024-07-12
CVE-2024-39917 [CRITICAL] CWE-307 CVE-2024-39917: xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows at xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter `MaxLoginRetry` in `/etc/xrdp/sesman.ini`. However, this mechanism was not effectively working. As a result
nvdosv
CVE-2026-32623P3HIGHCVSS 8.1fixed in 0.10.62026-04-17
CVE-2026-32623 [HIGH] CWE-122 CVE-2026-32623: xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vuln xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the module fails to properly validate the size of reassembled fragmented virtual channel data against its allocated memory buffer. A malicious downstream RDP se
nvd
CVE-2026-32105P3HIGHCVSS 7.7fixed in 0.10.62026-04-17
CVE-2026-32105 [HIGH] CWE-354 CVE-2026-32105: xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code (MAC) signature of encrypted RDP packets when using the "Classic RDP Security" layer. While the sender correctly generates signatures, the receiving logic lacks the necessary implementation to validate the 8-byte integ
nvd
CVE-2026-33516P3CRITICALCVSS 9.1fixed in 0.10.62026-04-17
CVE-2026-33516 [CRITICAL] CWE-125 CVE-2026-33516: xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerabili xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase. The issue occurs when memory is accessed before validating the remaining buffer length. A remote, unauthenticated attacker can trigger this vulnerability by sending a specially crafted Confirm Active PDU.
nvd
CVE-2022-23480P3CRITICALCVSS 9.8fixed in 0.9.212022-12-09
CVE-2022-23480 [CRITICAL] CWE-120 CVE-2022-23480: xrdp is an open source project which provides a graphical login to remote machines using Microsoft R xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in devredir_proc_client_devlist_announce_req() function. There are no known workarounds for this issue. Users are advised to upgrade.
nvdosv
CVE-2022-23479P3CRITICALCVSS 9.8fixed in 0.9.212022-12-09
CVE-2022-23479 [CRITICAL] CWE-120 CVE-2022-23479: xrdp is an open source project which provides a graphical login to remote machines using Microsoft R xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_mm_chan_data_in() function. There are no known workarounds for this issue. Users are advised to upgrade.
nvdosv
CVE-2022-23477P3CRITICALCVSS 9.8fixed in 0.9.212022-12-09
CVE-2022-23477 [CRITICAL] CWE-120 CVE-2022-23477: xrdp is an open source project which provides a graphical login to remote machines using Microsoft R xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in audin_send_open() function. There are no known workarounds for this issue. Users are advised to upgrade.
nvdosv
CVE-2022-23478P3CRITICALCVSS 9.8fixed in 0.9.212022-12-09
CVE-2022-23478 [CRITICAL] CWE-787 CVE-2022-23478: xrdp is an open source project which provides a graphical login to remote machines using Microsoft R xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Write in xrdp_mm_trans_process_drdynvc_channel_open() function. There are no known workarounds for this issue. Users are advised to upgrade.
nvdosv
CVE-2022-23468P3CRITICALCVSS 9.8fixed in 0.9.212022-12-09
CVE-2022-23468 [CRITICAL] CWE-120 CVE-2022-23468: xrdp is an open source project which provides a graphical login to remote machines using Microsoft R xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_login_wnd_create() function. There are no known workarounds for this issue. Users are advised to upgrade.
nvdosv
CVE-2026-32107P3HIGHCVSS 8.8fixed in 0.10.62026-04-17
CVE-2026-32107 [HIGH] CWE-273 CVE-2026-32107: xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did n xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management could allow an authenticated local attacker to escalate privileges to root and execute arbitrary code on the system. An additional exploit would be needed
nvd
CVE-2022-23493P3CRITICALCVSS 9.1fixed in 0.9.212022-12-09
CVE-2022-23493 [CRITICAL] CWE-125 CVE-2022-23493: xrdp is an open source project which provides a graphical login to remote machines using Microsoft R xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_mm_trans_process_drdynvc_channel_close() function. There are no known workarounds for this issue. Users are advised to upgrade.
nvdosv
CVE-2022-23484P3CRITICALCVSS 9.8fixed in 0.9.212022-12-09
CVE-2022-23484 [CRITICAL] CWE-190 CVE-2022-23484: xrdp is an open source project which provides a graphical login to remote machines using Microsoft R xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Integer Overflow in xrdp_mm_process_rail_update_window_text() function. There are no known workarounds for this issue. Users are advised to upgrade.
nvdosv
CVE-2022-23483P3CRITICALCVSS 9.1fixed in 0.9.212022-12-09
CVE-2022-23483 [CRITICAL] CWE-125 CVE-2022-23483: xrdp is an open source project which provides a graphical login to remote machines using Microsoft R xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in libxrdp_send_to_channel() function. There are no known workarounds for this issue. Users are advised to upgrade.
nvdosv
CVE-2022-23481P3CRITICALCVSS 9.1fixed in 0.9.212022-12-09
CVE-2022-23481 [CRITICAL] CWE-125 CVE-2022-23481: xrdp is an open source project which provides a graphical login to remote machines using Microsoft R xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_caps_process_confirm_active() function. There are no known workarounds for this issue. Users are advised to upgrade.
nvdosv
CVE-2022-23482P3CRITICALCVSS 9.1fixed in 0.9.212022-12-09
CVE-2022-23482 [CRITICAL] CWE-125 CVE-2022-23482: xrdp is an open source project which provides a graphical login to remote machines using Microsoft R xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_sec_process_mcs_data_CS_CORE() function. There are no known workarounds for this issue. Users are advised to upgrade.
nvdosv
CVE-2020-4044P3HIGHCVSS 7.8fixed in 0.9.13.12020-06-30
CVE-2020-4044 [HIGH] CWE-121 CVE-2020-4044: The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supp The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This will allow them to capture any user credentials that are sub
nvdosv