PT-2022-5895 · Xrdp+6 · Xrdp+6

Published

2022-12-09

·

Updated

2024-06-15

·

CVE-2022-23482

CVSS v2.0

9.4

Critical

VectorAV:N/AC:L/Au:N/C:C/I:N/A:C
Name of the Vulnerable Software and Affected Versions xrdp versions prior to 0.9.21
Description The issue is related to an Out of Bound Read in the xrdp sec process mcs data CS CORE() function. This can allow a remote attacker to gain unauthorized access to protected information or cause a denial of service. The vulnerability is associated with a buffer read beyond its boundaries in memory.
Recommendations For versions prior to 0.9.21, users are advised to upgrade to a newer version to resolve the issue. As a temporary workaround, consider disabling the xrdp sec process mcs data CS CORE() function until a patch is available.

Exploit

Fix

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2022-3320
ALT-PU-2022-3387
ALT-PU-2022-3404
ALT-PU-2023-5781
BDU:2022-07311
CVE-2022-23482
DLA-3375-1
DSA-5502-1
GHSA-56PQ-2PM9-7FHM
MGASA-2023-0002
OPENSUSE-SU-2023_0033-1
OPENSUSE-SU-2024:12602-1
ROSA-SA-2023-2249
SUSE-SU-2023:0012-1
SUSE-SU-2023:0033-1
SUSE-SU-2023:0340-1
SUSE-SU-2023:0374-1
SUSE-SU-2023:0387-1
USN-6474-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Red Os
Suse
Ubuntu
Xrdp