CVE-2022-23480

2022-12-0900:00:00

ubuntu.com

xrdp

cve-2022-23480

buffer overflow

devredir_proc_client_devlist_announce_req

upgrade

microsoft remote desktop protocol

bugs

debian

unix

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

57.6%

JSON

xrdp is an open source project which provides a graphical login to remote
machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21
contain a buffer over flow in devredir_proc_client_devlist_announce_req()
function. There are no known workarounds for this issue. Users are advised
to upgrade.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025879>

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchxrdp< 0.9.5-2ubuntu0.1~esm2UNKNOWN
ubuntu20.04noarchxrdp< 0.9.12-1ubuntu0.1+esm1UNKNOWN
ubuntu22.04noarchxrdp< 0.9.17-2ubuntu2+esm1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	xrdp	< 0.9.5-2ubuntu0.1~esm2	UNKNOWN
ubuntu	20.04	noarch	xrdp	< 0.9.12-1ubuntu0.1+esm1	UNKNOWN
ubuntu	22.04	noarch	xrdp	< 0.9.17-2ubuntu2+esm1	UNKNOWN