CVE-2018-20178
https://notcve.org/view.php?id=CVE-2018-20178
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function process_demand_active() that results in a Denial of Service (segfault).
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html
• http://www.securityfocus.com/bid/106938
• https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1
• https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html
• https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients
• https://security.gentoo.org/glsa/201903-06
• https://www.debian.org/security/2019/dsa-4394
• CWE-125: Out-of-bounds Read
CVE-2018-20180
https://notcve.org/view.php?id=CVE-2018-20180
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably even a remote code execution.
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html
• http://www.securityfocus.com/bid/106938
• https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1
• https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html
• https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients
• https://security.gentoo.org/glsa/201903-06
• https://www.debian.org/security/2019/dsa-4394
• CWE-191: Integer Underflow (Wrap or Wraparound)
CVE-2018-20177
https://notcve.org/view.php?id=CVE-2018-20177
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution.
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html
• http://www.securityfocus.com/bid/106938
• https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1
• https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html
• https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients
• https://security.gentoo.org/glsa/201903-06
• https://www.debian.org/security/2019/dsa-4394
• CWE-190: Integer Overflow or Wraparound
• CWE-787: Out-of-bounds Write
CVE-2018-20174
https://notcve.org/view.php?id=CVE-2018-20174
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function ui_clip_handle_data() that results in an information leak.
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html
• http://www.securityfocus.com/bid/106938
• https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1
• https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html
• https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients
• https://security.gentoo.org/glsa/201903-06
• https://www.debian.org/security/2019/dsa-4394
• CWE-125: Out-of-bounds Read
CVE-2018-20181
https://notcve.org/view.php?id=CVE-2018-20181
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably even a remote code execution.
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html
• http://www.securityfocus.com/bid/106938
• https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1
• https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html
• https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients
• https://security.gentoo.org/glsa/201903-06
• https://www.debian.org/security/2019/dsa-4394
• CWE-191: Integer Underflow (Wrap or Wraparound)
• CWE-787: Out-of-bounds Write