
Bojan Smojver

#32977 of 53,633
7.8 Total CVSS
Vulnerabilities · 1
PT-2022-4799
7.8
2022-02-07
Xrdp · Xrdp · CVE-2022-23613
**Name of the Vulnerable Software and Affected Versions**

xrdp versions prior to 0.9.18.1

**Description**

The issue is related to an integer underflow leading to a heap overflow in the sesman server, allowing any unauthenticated attacker with local access to the sesman server to execute code as root. This enables the attacker to access confidential data, compromise its integrity, and cause a denial of service.

**Recommendations**

For versions prior to 0.9.18.1, upgrade to version 0.9.18.1 or above to resolve the issue. As a temporary workaround, consider restricting access to the sesman server to minimize the risk of exploitation.