24 results (0.011 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

RDesktop version 1.8.4 contains multiple out-of-bound access read vulnerabilities in its code, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. These issues have been fixed in version 1.8.5 RDesktop versión 1.8.4, contiene múltiples vulnerabilidades de lectura de acceso fuera de límite en su código, lo que resulta en una condición de denegación de servicio (DoS). Este ataque parece ser explotable mediante la conectividad de red. Estos problemas han sido solucionados en la versión 1.8.5. • https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/10/30/klcert-19-032-denial-of-service-in-rdesktop-before-1-8-4 • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1

rdesktop versions up to and including v1.8.3 contains several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault). rdesktop, en versiones hasta e incluyendo la v1.8.3, contiene varios errores en la propiedad signedness de un número entero que conducen a lecturas fuera de límites en el archivo mcs.c y resultan en una denegación de servicio (segfault). • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html http://www.securityfocus.com/bid/106938 https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1 https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients https://security.gentoo.org/glsa/201903-06 https://www.debian.org/security/2019/dsa-4394 • CWE-125: Out-of-bounds Read •

CVSS: 9.8EPSS: 13%CPEs: 1EXPL: 1

rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function lspci_process() and results in memory corruption and probably even a remote code execution. rdesktop, en versiones hasta e incluyendo la v1.8.3, contiene un subdesbordamiento de enteros que conduce a un desbordamiento de búfer basado en memoria dinámica (heap) en la función lspci_process() y resulta en la corrupción de memoria y, posiblemente, incluso la ejecución remota de código. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html http://www.securityfocus.com/bid/106938 https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1 https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients https://security.gentoo.org/glsa/201903-06 https://www.debian.org/security/2019/dsa-4394 • CWE-191: Integer Underflow (Wrap or Wraparound) •

CVSS: 9.8EPSS: 5%CPEs: 3EXPL: 1

rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote code execution. rdesktop, en versiones hasta e incluyendo la v1.8.3, contiene un desbordamiento de búfer en las variables globales en la función seamless_process_line() y resulta en la corrupción de memoria y, posiblemente, incluso la ejecución remota de código. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html http://www.securityfocus.com/bid/106938 https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1 https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients https://security.gentoo.org/glsa/201903-06 https://www.debian.org/security/2019/dsa-4394 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

rdesktop versions up to and including v1.8.3 contain several Out-Of- Bounds Reads in the file secure.c that result in a Denial of Service (segfault). rdesktop, en versiones hasta e incluyendo la v1.8.3, contiene varias lecturas fuera de límites en el archivo secure.c que resultan en una denegación de servicio (segfault). • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html http://www.securityfocus.com/bid/106938 https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1 https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients https://security.gentoo.org/glsa/201903-06 https://www.debian.org/security/2019/dsa-4394 • CWE-125: Out-of-bounds Read •