rpm package
opensuse/rdesktop&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/rdesktop&distro=openSUSE%20Tumbleweed
Vulnerabilities (22)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-20182 | — | < 1.9.0-4.6 | 1.9.0-4.6 | Mar 15, 2019 | rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote code execution. | ||
| CVE-2018-20181 | — | < 1.9.0-4.6 | 1.9.0-4.6 | Mar 15, 2019 | rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably even a remote code execution. | ||
| CVE-2018-20180 | — | < 1.9.0-4.6 | 1.9.0-4.6 | Mar 15, 2019 | rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably even a remote code execution. | ||
| CVE-2018-20179 | — | < 1.9.0-4.6 | 1.9.0-4.6 | Mar 15, 2019 | rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function lspci_process() and results in memory corruption and probably even a remote code execution. | ||
| CVE-2018-20178 | — | < 1.9.0-4.6 | 1.9.0-4.6 | Mar 15, 2019 | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function process_demand_active() that results in a Denial of Service (segfault). | ||
| CVE-2018-20177 | — | < 1.9.0-4.6 | 1.9.0-4.6 | Mar 15, 2019 | rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution. | ||
| CVE-2018-20176 | — | < 1.9.0-4.6 | 1.9.0-4.6 | Mar 15, 2019 | rdesktop versions up to and including v1.8.3 contain several Out-Of- Bounds Reads in the file secure.c that result in a Denial of Service (segfault). | ||
| CVE-2018-20175 | — | < 1.9.0-4.6 | 1.9.0-4.6 | Mar 15, 2019 | rdesktop versions up to and including v1.8.3 contains several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault). | ||
| CVE-2018-20174 | — | < 1.9.0-4.6 | 1.9.0-4.6 | Mar 15, 2019 | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function ui_clip_handle_data() that results in an information leak. | ||
| CVE-2018-8800 | — | < 1.9.0-4.6 | 1.9.0-4.6 | Feb 5, 2019 | rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution. | ||
| CVE-2018-8799 | — | < 1.9.0-4.6 | 1.9.0-4.6 | Feb 5, 2019 | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_secondary_order() that results in a Denial of Service (segfault). | ||
| CVE-2018-8798 | — | < 1.9.0-4.6 | 1.9.0-4.6 | Feb 5, 2019 | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpsnd_process_ping() that results in an information leak. | ||
| CVE-2018-8797 | — | < 1.9.0-4.6 | 1.9.0-4.6 | Feb 5, 2019 | rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution. | ||
| CVE-2018-8796 | — | < 1.9.0-4.6 | 1.9.0-4.6 | Feb 5, 2019 | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_bitmap_updates() that results in a Denial of Service (segfault). | ||
| CVE-2018-8795 | — | < 1.9.0-4.6 | 1.9.0-4.6 | Feb 5, 2019 | rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution. | ||
| CVE-2018-8794 | — | < 1.9.0-4.6 | 1.9.0-4.6 | Feb 5, 2019 | rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution. | ||
| CVE-2018-8793 | — | < 1.9.0-4.6 | 1.9.0-4.6 | Feb 5, 2019 | rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution. | ||
| CVE-2018-8792 | — | < 1.9.0-4.6 | 1.9.0-4.6 | Feb 5, 2019 | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault). | ||
| CVE-2018-8791 | — | < 1.9.0-4.6 | 1.9.0-4.6 | Feb 5, 2019 | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpdr_process() that results in an information leak. | ||
| CVE-2008-1803 | — | < 1.9.0-4.6 | 1.9.0-4.6 | May 12, 2008 | Integer signedness error in the xrealloc function (rdesktop.c) in RDesktop 1.5.0 allows remote attackers to execute arbitrary code via unknown parameters that trigger a heap-based overflow. NOTE: the role of the channel_process function was not specified by the original research |
- CVE-2018-20182Mar 15, 2019affected < 1.9.0-4.6fixed 1.9.0-4.6
rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote code execution.
- CVE-2018-20181Mar 15, 2019affected < 1.9.0-4.6fixed 1.9.0-4.6
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably even a remote code execution.
- CVE-2018-20180Mar 15, 2019affected < 1.9.0-4.6fixed 1.9.0-4.6
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably even a remote code execution.
- CVE-2018-20179Mar 15, 2019affected < 1.9.0-4.6fixed 1.9.0-4.6
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function lspci_process() and results in memory corruption and probably even a remote code execution.
- CVE-2018-20178Mar 15, 2019affected < 1.9.0-4.6fixed 1.9.0-4.6
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function process_demand_active() that results in a Denial of Service (segfault).
- CVE-2018-20177Mar 15, 2019affected < 1.9.0-4.6fixed 1.9.0-4.6
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution.
- CVE-2018-20176Mar 15, 2019affected < 1.9.0-4.6fixed 1.9.0-4.6
rdesktop versions up to and including v1.8.3 contain several Out-Of- Bounds Reads in the file secure.c that result in a Denial of Service (segfault).
- CVE-2018-20175Mar 15, 2019affected < 1.9.0-4.6fixed 1.9.0-4.6
rdesktop versions up to and including v1.8.3 contains several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault).
- CVE-2018-20174Mar 15, 2019affected < 1.9.0-4.6fixed 1.9.0-4.6
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function ui_clip_handle_data() that results in an information leak.
- CVE-2018-8800Feb 5, 2019affected < 1.9.0-4.6fixed 1.9.0-4.6
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution.
- CVE-2018-8799Feb 5, 2019affected < 1.9.0-4.6fixed 1.9.0-4.6
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_secondary_order() that results in a Denial of Service (segfault).
- CVE-2018-8798Feb 5, 2019affected < 1.9.0-4.6fixed 1.9.0-4.6
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpsnd_process_ping() that results in an information leak.
- CVE-2018-8797Feb 5, 2019affected < 1.9.0-4.6fixed 1.9.0-4.6
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution.
- CVE-2018-8796Feb 5, 2019affected < 1.9.0-4.6fixed 1.9.0-4.6
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_bitmap_updates() that results in a Denial of Service (segfault).
- CVE-2018-8795Feb 5, 2019affected < 1.9.0-4.6fixed 1.9.0-4.6
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution.
- CVE-2018-8794Feb 5, 2019affected < 1.9.0-4.6fixed 1.9.0-4.6
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution.
- CVE-2018-8793Feb 5, 2019affected < 1.9.0-4.6fixed 1.9.0-4.6
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution.
- CVE-2018-8792Feb 5, 2019affected < 1.9.0-4.6fixed 1.9.0-4.6
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault).
- CVE-2018-8791Feb 5, 2019affected < 1.9.0-4.6fixed 1.9.0-4.6
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpdr_process() that results in an information leak.
- CVE-2008-1803May 12, 2008affected < 1.9.0-4.6fixed 1.9.0-4.6
Integer signedness error in the xrealloc function (rdesktop.c) in RDesktop 1.5.0 allows remote attackers to execute arbitrary code via unknown parameters that trigger a heap-based overflow. NOTE: the role of the channel_process function was not specified by the original research
Page 1 of 2