CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile: 30.5%
xrdp is vulnerable to information disclosure. Missing boundary checks in the xrdp_painter.c file lead to out-of-bounds reads, which could allow an attacker to gain access to sensitive information.
github.com/neutrinolabs/xrdp/commit/73acbe1f7957c65122b00de4d6f57a8d0d257c40
github.com/neutrinolabs/xrdp/security/advisories/GHSA-2hjx-rm4f-r9hw
lists.fedoraproject.org/archives/list/[email protected]/message/5FPGA4M7IYCP7OILDF2ZJEVSXUOFEFQ6/
lists.fedoraproject.org/archives/list/[email protected]/message/PFGL22QQF65OIZRMCKUZCVJQCKGUBRYE/
lists.fedoraproject.org/archives/list/[email protected]/message/RTXODUR4ILM7ZPA6ZGY6VSK4BBSBMKGY/
secdb.alpinelinux.org/edge/community.yaml
secdb.alpinelinux.org/v3.18/community.yaml