CVE-2022-23482

2022-12-0918:15:16

Debian Security Bug Tracker

security-tracker.debian.org

xrdp

out of bound read

vulnerability

upgrade

microsoft remote desktop protocol

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

9.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.4%

JSON

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_sec_process_mcs_data_CS_CORE() function. There are no known workarounds for this issue. Users are advised to upgrade.

OSVersionArchitecturePackageVersionFilename
Debian12allxrdp< 0.9.21.1-1xrdp_0.9.21.1-1_all.deb
Debian11allxrdp< 0.9.21.1-1~deb11u1xrdp_0.9.21.1-1~deb11u1_all.deb
Debian10allxrdp< 0.9.9-1+deb10u3xrdp_0.9.9-1+deb10u3_all.deb
Debian999allxrdp< 0.9.21.1-1xrdp_0.9.21.1-1_all.deb
Debian13allxrdp< 0.9.21.1-1xrdp_0.9.21.1-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	xrdp	< 0.9.21.1-1	xrdp_0.9.21.1-1_all.deb
Debian	11	all	xrdp	< 0.9.21.1-1~deb11u1	xrdp_0.9.21.1-1~deb11u1_all.deb
Debian	10	all	xrdp	< 0.9.9-1+deb10u3	xrdp_0.9.9-1+deb10u3_all.deb
Debian	999	all	xrdp	< 0.9.21.1-1	xrdp_0.9.21.1-1_all.deb
Debian	13	all	xrdp	< 0.9.21.1-1	xrdp_0.9.21.1-1_all.deb