CVE-2023-42822

2023-09-2718:15:11

Debian Security Bug Tracker

security-tracker.debian.org

xrdp

remote desktop

vulnerability

font glyphs

bounds-checked

out-of-bounds read

privileged process

forking mode

upgrade

release 0.9.23.1

unix

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

30.5%

JSON

xrdp is an open source remote desktop protocol server. Access to the font glyphs in xrdp_painter.c is not bounds-checked . Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within a potentially privileged process. On non-Debian platforms, xrdp tends to run as root. Potentially an out-of-bounds write can follow the out-of-bounds read. There is no denial-of-service impact, providing xrdp is running in forking mode. This issue has been addressed in release 0.9.23.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

OSVersionArchitecturePackageVersionFilename
Debian12allxrdp<= 0.9.21.1-1xrdp_0.9.21.1-1_all.deb
Debian11allxrdp<= 0.9.21.1-1~deb11u1xrdp_0.9.21.1-1~deb11u1_all.deb
Debian999allxrdp< 0.9.24-2xrdp_0.9.24-2_all.deb
Debian13allxrdp< 0.9.24-2xrdp_0.9.24-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	xrdp	<= 0.9.21.1-1	xrdp_0.9.21.1-1_all.deb
Debian	11	all	xrdp	<= 0.9.21.1-1~deb11u1	xrdp_0.9.21.1-1~deb11u1_all.deb
Debian	999	all	xrdp	< 0.9.24-2	xrdp_0.9.24-2_all.deb
Debian	13	all	xrdp	< 0.9.24-2	xrdp_0.9.24-2_all.deb