Vulnerability Description
xrdp is an open source remote desktop protocol (RDP) server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is able to locally access a sesman server to execute code as root. This vulnerability has been patched in version 0.9.18.1 and above. Users are advised to upgrade. There are no known workarounds.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Neutrinolabs | Xrdp | 0.9.17 |
| Fedoraproject | Fedora | 34 |
Related Weaknesses (CWE)
References
- https://github.com/neutrinolabs/xrdp/commit/4def30ab8ea445cdc06832a44c3ec40a506aPatchThird Party Advisory
- https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-8h98-h426-xf32Third Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://github.com/neutrinolabs/xrdp/commit/4def30ab8ea445cdc06832a44c3ec40a506aPatchThird Party Advisory
- https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-8h98-h426-xf32Third Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
FAQ
What is CVE-2022-23613?
CVE-2022-23613 is a vulnerability with a CVSS score of 7.8 (HIGH). xrdp is an open source remote desktop protocol (RDP) server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is able...
How severe is CVE-2022-23613?
CVE-2022-23613 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-23613?
Check the references section above for vendor advisories and patch information. Affected products include: Neutrinolabs Xrdp, Fedoraproject Fedora.