Neutrinolabs xrdp up to 0.9.20 xrdp_caps_process_confirm_active out-of-bounds
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.0 | $0-$5k | 0.00 |
Summary
A vulnerability described as problematic has been identified in Neutrinolabs xrdp up to 0.9.20. Impacted is the function xrdp_caps_process_confirm_active. The manipulation results in out-of-bounds.
This vulnerability is known as CVE-2022-23481. It is possible to launch the attack remotely. No exploit is available.
Upgrading the affected component is recommended.
Details
A vulnerability, which was classified as problematic, was found in Neutrinolabs xrdp up to 0.9.20. Affected is the function xrdp_caps_process_confirm_active. The manipulation with an unknown input leads to a out-of-bounds vulnerability. CWE is classifying the issue as CWE-125. The product reads data past the end, or before the beginning, of the intended buffer. This is going to have an impact on availability. CVE summarizes:
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_caps_process_confirm_active() function. There are no known workarounds for this issue. Users are advised to upgrade.
The weakness was published 12/10/2022 as GHSA-hm75-9jcg-p7hq. The advisory is shared for download at github.com. This vulnerability is traded as CVE-2022-23481 since 01/19/2022. There are known technical details, but no exploit is available.
The vulnerability scanner Nessus provides a plugin with the ID 211003 (Fedora 37 : xrdp (2022-6fe4046ae9)), which helps to determine the existence of the flaw in a target environment.
Upgrading to version 0.9.21 eliminates this vulnerability.
The vulnerability is also documented in the vulnerability database at Tenable (211003). Once again VulDB remains the best source for vulnerability data.
Product
Vendor
Name
Version
- 0.9.0
- 0.9.1
- 0.9.2
- 0.9.3
- 0.9.4
- 0.9.5
- 0.9.6
- 0.9.7
- 0.9.8
- 0.9.9
- 0.9.10
- 0.9.11
- 0.9.12
- 0.9.13
- 0.9.14
- 0.9.15
- 0.9.16
- 0.9.17
- 0.9.18
- 0.9.19
- 0.9.20
Website
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.1VulDB Meta Temp Score: 6.0
VulDB Base Score: 5.3
VulDB Temp Score: 5.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 9.1
NVD Vector: 🔍
CNA Base Score: 3.9
CNA Vector (GitHub, Inc.): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Out-of-boundsCWE: CWE-125 / CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 211003
Nessus Name: Fedora 37 : xrdp (2022-6fe4046ae9)
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: xrdp 0.9.21
Timeline
01/19/2022 🔍12/10/2022 🔍
12/10/2022 🔍
11/17/2024 🔍
Sources
Product: github.comAdvisory: GHSA-hm75-9jcg-p7hq
Status: Confirmed
CVE: CVE-2022-23481 (🔍)
GCVE (CVE): GCVE-0-2022-23481
GCVE (VulDB): GCVE-100-215220
Entry
Created: 12/10/2022 09:12Updated: 11/17/2024 21:32
Changes: 12/10/2022 09:12 (60), 11/17/2024 21:32 (17)
Complete: 🔍
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.