PT-2022-5890 · Xrdp+6 · Xrdp+6

Published

2022-12-09

Updated

2024-06-15

CVE-2022-23480

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions xrdp versions prior to 0.9.21

Description The issue is related to a buffer overflow in the devredir proc client devlist announce req() function. This can be exploited by a remote attacker to execute arbitrary code. The vulnerability is associated with the copying of a buffer without checking the size of the input data.

Recommendations For versions prior to 0.9.21, users are advised to upgrade to a version that contains the fix for this issue. As a temporary workaround, consider disabling the devredir proc client devlist announce req() function until a patch is available.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

ALT-PU-2022-3320

ALT-PU-2022-3387

ALT-PU-2022-3404

ALT-PU-2023-5781

BDU:2022-07306

CVE-2022-23480

DLA-3375-1

DSA-5502-1

GHSA-3JMX-F6HV-95WG

MGASA-2023-0002

OPENSUSE-SU-2023_0033-1

OPENSUSE-SU-2024:12602-1

ROSA-SA-2023-2249

SUSE-SU-2023:0012-1

SUSE-SU-2023:0033-1

SUSE-SU-2023:0340-1

SUSE-SU-2023:0374-1

SUSE-SU-2023:0387-1

USN-6474-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Red Os

Suse

Ubuntu

Xrdp

PT-2022-5890 · Xrdp+6 · Xrdp+6

CVE-2022-23480

Weakness Enumeration

Related Identifiers

Affected Products

References · 73