PT-2022-4799 · Xrdp+4

Bojan Smojver · Published 2022-02-07 · Updated 2024-06-15 · CVE-2022-23613

CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: xrdp versions prior to 0.9.18.1

Description: The issue is an integer underflow leading to a heap overflow in the sesman server, allowing any unauthenticated attacker with local access to the sesman server to execute code as root. This enables the attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations: For versions prior to 0.9.18.1, upgrade to version 0.9.18.1 or above to resolve the issue. As a temporary workaround, consider restricting access to the sesman server to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration: Integer Underflow

Related Identifiers

ALT-PU-2022-1226
ALT-PU-2022-1259
ALT-PU-2022-3404
ALT-PU-2023-5781
BDU:2022-05759
CVE-2022-23613
GHSA-8H98-H426-XF32
OPENSUSE-SU-2024:12112-1
USN-6474-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Ubuntu
Xrdp