Rdesktop
by Rdesktop
Source repositories
CVEs (25)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-1801 | 0.04 | — | 0.13 | May 12, 2008 | Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Remote Desktop Protocol (RDP) request with a small length field. | |||
| CVE-2008-1802 | 0.04 | — | 0.13 | May 12, 2008 | Buffer overflow in the process_redirect_pdu (rdp.c) function in rdesktop 1.5.0 allows remote attackers to execute arbitrary code via a Remote Desktop Protocol (RDP) redirect request with modified length fields. | |||
| CVE-2018-20180 | 0.01 | — | 0.08 | Mar 15, 2019 | rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably even a remote code execution. | |||
| CVE-2018-20182 | 0.01 | — | 0.08 | Mar 15, 2019 | rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote code execution. | |||
| CVE-2018-20177 | 0.01 | — | 0.08 | Mar 15, 2019 | rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution. | |||
| CVE-2018-20179 | 0.01 | — | 0.07 | Mar 15, 2019 | rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function lspci_process() and results in memory corruption and probably even a remote code execution. | |||
| CVE-2018-20181 | 0.01 | — | 0.08 | Mar 15, 2019 | rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably even a remote code execution. | |||
| CVE-2018-8795 | 0.01 | — | 0.07 | Feb 5, 2019 | rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution. | |||
| CVE-2018-8797 | 0.01 | — | 0.07 | Feb 5, 2019 | rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution. | |||
| CVE-2018-8800 | 0.01 | — | 0.07 | Feb 5, 2019 | rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution. | |||
| CVE-2018-8794 | 0.01 | — | 0.07 | Feb 5, 2019 | rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution. | |||
| CVE-2018-8793 | 0.01 | — | 0.07 | Feb 5, 2019 | rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution. | |||
| CVE-2008-1803 | 0.01 | — | 0.07 | May 12, 2008 | Integer signedness error in the xrealloc function (rdesktop.c) in RDesktop 1.5.0 allows remote attackers to execute arbitrary code via unknown parameters that trigger a heap-based overflow. NOTE: the role of the channel_process function was not specified by the original… | |||
| CVE-2019-15682 | 0.00 | — | 0.01 | Oct 30, 2019 | RDesktop version 1.8.4 contains multiple out-of-bound access read vulnerabilities in its code, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. These issues have been fixed in version 1.8.5 | |||
| CVE-2018-20174 | 0.00 | — | 0.04 | Mar 15, 2019 | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function ui_clip_handle_data() that results in an information leak. | |||
| CVE-2018-20176 | 0.00 | — | 0.04 | Mar 15, 2019 | rdesktop versions up to and including v1.8.3 contain several Out-Of- Bounds Reads in the file secure.c that result in a Denial of Service (segfault). | |||
| CVE-2018-20178 | 0.00 | — | 0.04 | Mar 15, 2019 | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function process_demand_active() that results in a Denial of Service (segfault). | |||
| CVE-2018-20175 | 0.00 | — | 0.04 | Mar 15, 2019 | rdesktop versions up to and including v1.8.3 contains several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault). | |||
| CVE-2018-8796 | 0.00 | — | 0.04 | Feb 5, 2019 | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_bitmap_updates() that results in a Denial of Service (segfault). | |||
| CVE-2018-8792 | 0.00 | — | 0.04 | Feb 5, 2019 | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault). |
- CVE-2008-1801May 12, 2008risk 0.04cvss —epss 0.13
Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Remote Desktop Protocol (RDP) request with a small length field.
- CVE-2008-1802May 12, 2008risk 0.04cvss —epss 0.13
Buffer overflow in the process_redirect_pdu (rdp.c) function in rdesktop 1.5.0 allows remote attackers to execute arbitrary code via a Remote Desktop Protocol (RDP) redirect request with modified length fields.
- CVE-2018-20180Mar 15, 2019risk 0.01cvss —epss 0.08
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably even a remote code execution.
- CVE-2018-20182Mar 15, 2019risk 0.01cvss —epss 0.08
rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote code execution.
- CVE-2018-20177Mar 15, 2019risk 0.01cvss —epss 0.08
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution.
- CVE-2018-20179Mar 15, 2019risk 0.01cvss —epss 0.07
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function lspci_process() and results in memory corruption and probably even a remote code execution.
- CVE-2018-20181Mar 15, 2019risk 0.01cvss —epss 0.08
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably even a remote code execution.
- CVE-2018-8795Feb 5, 2019risk 0.01cvss —epss 0.07
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution.
- CVE-2018-8797Feb 5, 2019risk 0.01cvss —epss 0.07
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution.
- CVE-2018-8800Feb 5, 2019risk 0.01cvss —epss 0.07
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution.
- CVE-2018-8794Feb 5, 2019risk 0.01cvss —epss 0.07
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution.
- CVE-2018-8793Feb 5, 2019risk 0.01cvss —epss 0.07
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution.
- CVE-2008-1803May 12, 2008risk 0.01cvss —epss 0.07
Integer signedness error in the xrealloc function (rdesktop.c) in RDesktop 1.5.0 allows remote attackers to execute arbitrary code via unknown parameters that trigger a heap-based overflow. NOTE: the role of the channel_process function was not specified by the original…
- CVE-2019-15682Oct 30, 2019risk 0.00cvss —epss 0.01
RDesktop version 1.8.4 contains multiple out-of-bound access read vulnerabilities in its code, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. These issues have been fixed in version 1.8.5
- CVE-2018-20174Mar 15, 2019risk 0.00cvss —epss 0.04
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function ui_clip_handle_data() that results in an information leak.
- CVE-2018-20176Mar 15, 2019risk 0.00cvss —epss 0.04
rdesktop versions up to and including v1.8.3 contain several Out-Of- Bounds Reads in the file secure.c that result in a Denial of Service (segfault).
- CVE-2018-20178Mar 15, 2019risk 0.00cvss —epss 0.04
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function process_demand_active() that results in a Denial of Service (segfault).
- CVE-2018-20175Mar 15, 2019risk 0.00cvss —epss 0.04
rdesktop versions up to and including v1.8.3 contains several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault).
- CVE-2018-8796Feb 5, 2019risk 0.00cvss —epss 0.04
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_bitmap_updates() that results in a Denial of Service (segfault).
- CVE-2018-8792Feb 5, 2019risk 0.00cvss —epss 0.04
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault).
Page 1 of 2