CVSS: 9.8EPSS: 4%CPEs: 4EXPL: 0CVE-2018-8800
https://notcve.org/view.php?id=CVE-2018-8800
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution. Las versiones de rdesktop, hasta la v1.8.3 (inclusivas), contienen un desbordamiento de búfer basado en memoria dinámica (heap) en la función ui_clip_handle_data(), lo que podría resultar en una corrupción de memoria o incluso una ejecución remota de código. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html http://www.securityfocus.com/bid/106938 https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1 https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients https://security.gentoo.org/glsa/201903-06 https://www.debian.org/security/2019/dsa-4394 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2018-8792
https://notcve.org/view.php?id=CVE-2018-8792
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault). Las versiones de rdesktop, hasta la v1.8.3 (inclusivas), contienen una lectura fuera de límites en la función cssp_read_tsrequest(), lo que resulta en una denegación de servicio (segfault). • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html http://www.securityfocus.com/bid/106938 https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1 https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients https://security.gentoo.org/glsa/201903-06 https://www.debian.org/security/2019/dsa-4394 • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2018-8796
https://notcve.org/view.php?id=CVE-2018-8796
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_bitmap_updates() that results in a Denial of Service (segfault). Las versiones de rdesktop, hasta la v1.8.3 (inclusivas), contienen una lectura fuera de límites en la función process_bitmap_updates(), lo que resulta en una denegación de servicio (segfault). • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html http://www.securityfocus.com/bid/106938 https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1 https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients https://security.gentoo.org/glsa/201903-06 https://www.debian.org/security/2019/dsa-4394 • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 9.8EPSS: 4%CPEs: 4EXPL: 0CVE-2018-8797
https://notcve.org/view.php?id=CVE-2018-8797
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution. Las versiones de rdesktop, hasta la v1.8.3 (inclusivas), contienen un desbordamiento de búfer basado en memoria dinámica (heap) en la función process_plane(), lo que podría resultar en una corrupción de memoria o incluso una ejecución remota de código. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html http://www.securityfocus.com/bid/106938 https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1 https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients https://security.gentoo.org/glsa/201903-06 https://www.debian.org/security/2019/dsa-4394 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-8798
https://notcve.org/view.php?id=CVE-2018-8798
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpsnd_process_ping() that results in an information leak. Las versiones de rdesktop, hasta la v1.8.3 (inclusivas), contienen una lectura fuera de límites en la función rdpsnd_process_ping(), lo que resulta en una fuga de información. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html http://www.securityfocus.com/bid/106938 https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1 https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients https://security.gentoo.org/glsa/201903-06 https://www.debian.org/security/2019/dsa-4394 • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •