Gentoo FoundationMGASA-2023-0002Updated xrdp packages fix security vulnerability
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
57.6%
xrdp less than v0.9.21 contain a buffer over flow in xrdp_login_wnd_create() function. (CVE-2022-23468) xrdp less than v0.9.21 contain a buffer over flow in audin_send_open() function. (CVE-2022-23477) xrdp less than v0.9.21 contain a Out of Bound Write in xrdp_mm_trans_process_drdynvc_channel_open() function. (CVE-2022-23478) xrdp less than v0.9.21 contain a buffer over flow in xrdp_mm_chan_data_in() function. (CVE-2022-23479) xrdp less than v0.9.21 contain a buffer over flow in devredir_proc_client_devlist_announce_req() function. (CVE-2022-23480) xrdp less than v0.9.21 contain a Out of Bound Read in xrdp_caps_process_confirm_active() function. (CVE-2022-23481) xrdp less than v0.9.21 contain a Out of Bound Read in xrdp_sec_process_mcs_data_CS_CORE() function. (CVE-2022-23482) xrdp less than v0.9.21 contain a Out of Bound Read in libxrdp_send_to_channel() function. (CVE-2022-23483) xrdp less than v0.9.21 contain a Integer Overflow in xrdp_mm_process_rail_update_window_text() function. (CVE-2022-23484) xrdp less than v0.9.21 contain a Out of Bound Read in xrdp_mm_trans_process_drdynvc_channel_close() function. (CVE-2022-23493)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 8 | noarch | xrdp | < 0.9.21-1 | xrdp-0.9.21-1.mga8 |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
57.6%