PT-2023-5611 · Debian+7 · Debian+7

Metalefty

Publicado

2023-09-27

Atualizado

2025-09-03

CVE-2023-42822

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions xrdp versions prior to 0.9.23.1

Description The issue is related to an out-of-bounds read within the xrdp executable due to unbounds-checked access to font glyphs in xrdp painter.c. This can result in an out-of-bounds read within a potentially privileged process, and on non-Debian platforms, xrdp tends to run as root. Potentially, an out-of-bounds write can follow the out-of-bounds read. There is no denial-of-service impact if xrdp is running in forking mode.

Recommendations To resolve the issue, upgrade to release 0.9.23.1 or later. As a temporary workaround, consider restricting access to the xrdp painter.c component until a patch is available. Avoid using controllable data by the user in the affected xrdp executable until the issue is resolved.

Exploit

Correção

DoS

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

ALT-PU-2023-5920

ALT-PU-2023-5929

ALT-PU-2023-5931

ALT-PU-2023-6233

ALT-PU-2023-6240

BDU:2023-06266

CVE-2023-42822

DLA-4166-1

GHSA-2HJX-RM4F-R9HW

MGASA-2023-0334

OPENSUSE-SU-2024:13399-1

ROSA-SA-2024-2445

ROSA-SA-2024-2523

SUSE-SU-2023:4577-1

SUSE-SU-2023:4873-1

SUSE-SU-2023_4577-1

USN-6474-1

Produtos afetados

Alt Linux

Astra Linux

Debian

Linuxmint

Red Os

Suse

Ubuntu

Xrdp

PT-2023-5611 · Debian+7 · Debian+7

CVE-2023-42822

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 60