Unrated severity · NVD Advisory · Published Dec 9, 2022 · Updated Apr 23, 2025
Buffer Overflow in xrdp
CVE-2022-23468
Description
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains a buffer overflow in the xrdp_login_wnd_create() function. There are no known workarounds for this issue. Users are advised to upgrade.
Affected products
- (no CPE) range: < 0.9.21
- (no CPE) range: < 0.9.21
- osv-coords (30 versions):
  - pkg:rpm/opensuse/xrdp&distro=openSUSE%20Leap%2015.4
  - pkg:rpm/opensuse/xrdp&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/xrdp&distro=SUSE%20Enterprise%20Storage%206
  - pkg:rpm/suse/xrdp&distro=SUSE%20Enterprise%20Storage%207
  - pkg:rpm/suse/xrdp&distro=SUSE%20Enterprise%20Storage%207.1
  - pkg:rpm/suse/xrdp&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS
  - pkg:rpm/suse/xrdp&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS
  - pkg:rpm/suse/xrdp&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS
  - pkg:rpm/suse/xrdp&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS
  - pkg:rpm/suse/xrdp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4
  - pkg:rpm/suse/xrdp&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3
  - pkg:rpm/suse/xrdp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
  - pkg:rpm/suse/xrdp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS
  - pkg:rpm/suse/xrdp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
  - pkg:rpm/suse/xrdp&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS
  - pkg:rpm/suse/xrdp&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS
  - pkg:rpm/suse/xrdp&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS
  - pkg:rpm/suse/xrdp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
  - pkg:rpm/suse/xrdp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
  - pkg:rpm/suse/xrdp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1
  - pkg:rpm/suse/xrdp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2
  - pkg:rpm/suse/xrdp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3
  - pkg:rpm/suse/xrdp&distro=SUSE%20Manager%20Proxy%204.1
  - pkg:rpm/suse/xrdp&distro=SUSE%20Manager%20Proxy%204.2
  - pkg:rpm/suse/xrdp&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1
  - pkg:rpm/suse/xrdp&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.2
  - pkg:rpm/suse/xrdp&distro=SUSE%20Manager%20Server%204.1
  - pkg:rpm/suse/xrdp&distro=SUSE%20Manager%20Server%204.2
  - pkg:rpm/suse/xrdp&distro=SUSE%20OpenStack%20Cloud%209
  - pkg:rpm/suse/xrdp&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
- (no CPE) range: < 0.9.13.1-150200.4.15.1
- (no CPE) range: < 0.9.20-4.1
- (no CPE) range: < 0.9.6-150000.4.11.1
- (no CPE) range: < 0.9.13.1-150200.4.15.1
- (no CPE) range: < 0.9.13.1-150200.4.15.1
- (no CPE) range: < 0.9.6-150000.4.11.1
- (no CPE) range: < 0.9.13.1-150200.4.15.1
- (no CPE) range: < 0.9.13.1-150200.4.15.1
- (no CPE) range: < 0.9.13.1-150200.4.15.1
- (no CPE) range: < 0.9.13.1-150200.4.15.1
- (no CPE) range: < 0.9.13.1-150200.4.15.1
- (no CPE) range: < 0.9.0~git.1456906198.f422461-16.23.2
- (no CPE) range: < 0.9.0~git.1456906198.f422461-21.30.2
- (no CPE) range: < 0.9.10-3.8.1
- (no CPE) range: < 0.9.6-150000.4.11.1
- (no CPE) range: < 0.9.13.1-150200.4.15.1
- (no CPE) range: < 0.9.13.1-150200.4.15.1
- (no CPE) range: < 0.9.0~git.1456906198.f422461-21.30.2
- (no CPE) range: < 0.9.10-3.8.1
- (no CPE) range: < 0.9.6-150000.4.11.1
- (no CPE) range: < 0.9.13.1-150200.4.15.1
- (no CPE) range: < 0.9.13.1-150200.4.15.1
- (no CPE) range: < 0.9.13.1-150200.4.15.1
- (no CPE) range: < 0.9.13.1-150200.4.15.1
- (no CPE) range: < 0.9.13.1-150200.4.15.1
- (no CPE) range: < 0.9.13.1-150200.4.15.1
- (no CPE) range: < 0.9.13.1-150200.4.15.1
- (no CPE) range: < 0.9.13.1-150200.4.15.1
- (no CPE) range: < 0.9.0~git.1456906198.f422461-21.30.2
- (no CPE) range: < 0.9.0~git.1456906198.f422461-21.30.2
References
- github.com/neutrinolabs/xrdp/security/advisories/GHSA-8c2f-mw8m-qpx6 (mitre, x_refsource_CONFIRM)
- www.debian.org/security/2023/dsa-5502 (mitre)