Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
rosalinuxROSA LABROSA-SA-2023-2249
HistoryOct 21, 2023 - 1:15 p.m.

Advisory ROSA-SA-2023-2249

2023-10-2113:15:43
ROSA LAB
abf.rosalinux.ru
6
xrdp server
remote execution
arbitrary code
unauthorized access
update
buffer overflow
denial of service

10 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.4%

JSON

software: xrdp 0.9.22.1
OS: ROSA-CHROME

package_evr_string: xrdp-0.9.22.1-1.src.rpm

CVE-ID: CVE-2022-23468
BDU-ID: 2022-07312
CVE-Crit: CRITICAL
CVE-DESC.: A vulnerability in the xrdp_login_wnd_create() function of the XRDP server involves buffer copying without checking the size of the input data. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update xrdp

CVE-ID: CVE-2022-23477
BDU-ID: 2022-07224
CVE-Crit: CRITICAL.
CVE-DESC.: A vulnerability in the audin_send_open function of the xrdp server is related to the possibility of a stacked buffer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to a remote machine
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update xrdp

CVE-ID: CVE-2022-23478
BDU-ID: 2022-07225
CVE-Crit: CRITICAL.
CVE-DESC.: A vulnerability in the xrdp_mm_trans_process_drdynvc_channel_open function of the XRDP server is related to the ability to write outside of a buffer in memory. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to a remote machine
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update xrdp

CVE-ID: CVE-2022-23479
BDU-ID: 2022-07309
CVE-Crit: CRITICAL.
CVE-DESC.: A vulnerability in the xrdp_mm_chan_data_in() function of the XRDP server is related to buffer copying without checking the size of the input data. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update xrdp

CVE-ID: CVE-2022-23480
BDU-ID: 2022-07306
CVE-Crit: CRITICAL.
CVE-DESC.: A vulnerability in the devredir_proc_client_devlist_announce_req() function of the XRDP server is related to buffer copying without checking the size of the input data. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update xrdp

CVE-ID: CVE-2022-23481
BDU-ID: 2022-07313
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the xrdp_caps_process_confirm_active() function of the XRDP server involves reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information or cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run command: sudo dnf update xrdp

CVE-ID: CVE-2022-23482
BDU-ID: 2022-07311
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the xrdp_sec_process_mcs_data_CS_CORE() function of the XRDP server involves reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information or cause a denial-of-service condition
CVE-STATUS: Fixed
CVE-REV: To close, run command: sudo dnf update xrdp

CVE-ID: CVE-2022-23483
BDU-ID: 2022-07308
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the libxrdp_send_to_channel() function of the XRDP server is related to reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update xrdp

CVE-ID: CVE-2022-23484
BDU-ID: 2022-07307
CVE-Crit: CRITICAL.
CVE-DESC.: A vulnerability in the xrdp_mm_process_rail_update_window_text() function of the XRDP server involves an integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update xrdp

CVE-ID: CVE-2022-23493
BDU-ID: 2022-07310
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the xrdp_mm_trans_process_drdynvc_channel_close() function of the XRDP server is related to reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information or cause denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run command: sudo dnf update xrdp

OSVersionArchitecturePackageVersionFilename
ROSAanynoarchxrdp< 0.9.22.1UNKNOWN

Related

nessus 12
redos 1
fedora 2
openvas 13
mageia 1
debian 3
altlinux 1
freebsd 1
osv 14
ubuntu 1
prion 10
cvelist 10
veracode 10
debiancve 10
ubuntucve 10
cve 10
alpinelinux 10
rosalinux 2
nessus
nessus
Fedora 36 : 1:xrdp (2022-08d2138578)
2022-12-23 00:00:00
SUSE SLED15 / SLES15 Security Update : xrdp (SUSE-SU-2023:0033-1)
2023-01-06 00:00:00
Debian DSA-5502-1 : xrdp - security update
2023-09-19 00:00:00
redos
redos
ROS-20221222-01
2022-12-22 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: xrdp-0.9.21-1.fc36
2022-12-21 01:18:14
[SECURITY] Fedora 37 Update: xrdp-0.9.21-1.fc37
2022-12-21 01:28:50
openvas
openvas
Debian: Security Advisory (DSA-5502-1)
2023-09-19 00:00:00
Fedora: Security Advisory for xrdp (FEDORA-2022-6fe4046ae9)
2022-12-21 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:0033-1)
2023-01-06 00:00:00
mageia
mageia
Updated xrdp packages fix security vulnerability
2023-01-13 20:37:09
debian
debian
[SECURITY] [DSA 5502-1] xrdp security update
2023-09-18 21:42:53
[SECURITY] [DLA 3370-1] xrdp security update
2023-03-30 11:46:21
[SECURITY] [DLA 3375-1] xrdp security update
2023-03-31 14:35:03
altlinux
altlinux
Security fix for the ALT Linux 10 package xrdp version 0.9.21-alt1
2022-12-21 00:00:00
freebsd
freebsd
xrdp -- multiple vulnerabilities
2022-12-01 00:00:00
osv
osv
xrdp - security update
2023-09-18 00:00:00
xrdp - security update
2023-03-28 00:00:00
xrdp vulnerabilities
2023-11-08 13:47:00
ubuntu
ubuntu
xrdp vulnerabilities
2023-11-08 00:00:00
prion
prion
Design/Logic Flaw
2022-12-09 18:15:00
Design/Logic Flaw
2022-12-09 18:15:00
Design/Logic Flaw
2022-12-09 18:15:00
cvelist
cvelist
CVE-2022-23483 Out-of-Bound Read in libxrdp
2022-12-09 17:50:52
CVE-2022-23468 Buffer Overflow in xrdp
2022-12-09 17:49:24
CVE-2022-23478 Out of Bound Write in xrdp
2022-12-09 17:49:42
veracode
veracode
Denial Of Service (DoS)
2022-12-24 13:56:14
Out Of Bound Reads
2022-12-24 13:55:57
Denial Of Service (DoS)
2022-12-24 13:38:27
debiancve
debiancve
CVE-2022-23483
2022-12-09 18:15:00
CVE-2022-23468
2022-12-09 18:15:00
CVE-2022-23482
2022-12-09 18:15:00
ubuntucve
ubuntucve
CVE-2022-23483
2022-12-09 00:00:00
CVE-2022-23479
2022-12-09 00:00:00
CVE-2022-23468
2022-12-09 00:00:00
cve
cve
CVE-2022-23484
2022-12-09 18:15:00
CVE-2022-23479
2022-12-09 18:15:00
CVE-2022-23478
2022-12-09 18:15:00
alpinelinux
alpinelinux
CVE-2022-23483
2022-12-09 18:15:00
CVE-2022-23468
2022-12-09 18:15:00
CVE-2022-23493
2022-12-09 18:15:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2085
2023-02-02 08:13:45
Advisory ROSA-SA-2023-2250
2023-10-21 13:39:47

10 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.4%

JSON
Related for ROSA-SA-2023-2249
nessus12redos1fedora2openvas13mageia1debian3altlinux1freebsd1osv14ubuntu1prion10cvelist10veracode10debiancve10ubuntucve10cve10alpinelinux10rosalinux2