Lucene search

K
ubuntucveUbuntu.comUB:CVE-2022-23493
HistoryDec 09, 2022 - 12:00 a.m.

CVE-2022-23493

2022-12-0900:00:00
ubuntu.com
ubuntu.com
8
xrdp
out of bound read
remote desktop protocol

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS

0.002

Percentile

57.2%

xrdp is an open source project which provides a graphical login to remote
machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21
contain a Out of Bound Read in
xrdp_mm_trans_process_drdynvc_channel_close() function. There are no known
workarounds for this issue. Users are advised to upgrade.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchxrdp< 0.9.12-1ubuntu0.1+esm1UNKNOWN
ubuntu22.04noarchxrdp< 0.9.17-2ubuntu2+esm1UNKNOWN

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS

0.002

Percentile

57.2%