Neutrino Labs xrdp 0.9.23

CPE Details

2023-09-20 15h18 +00:00
2023-09-20 15h18 +00:00

CPE Name: cpe:2.3:a:neutrinolabs:xrdp:0.9.23:*:*:*:*:*:*:*

Information

Vendor: neutrinolabs
Product: xrdp
Version: 0.9.23

Related CVE


CVE ID: CVE-2024-39917
Published: 2024-07-12 15h24 +00:00
Description: xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter `MaxLoginRetry` in `/etc/xrdp/sesman.ini`. However, this mechanism was not effectively working. As a result, xrdp allows an infinite number of login attempts.
Score: 9.8
Severity: Critical

CVE ID: CVE-2023-42822
Published: 2023-09-27 17h55 +00:00
Description: xrdp is an open source remote desktop protocol server. Access to the font glyphs in xrdp_painter.c is not bounds-checked. Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within a potentially privileged process. On non-Debian platforms, xrdp tends to run as root. Potentially an out-of-bounds write can follow the out-of-bounds read. There is no denial-of-service impact, providing xrdp is running in forking mode. This issue has been addressed in release 0.9.23.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Score: 6.5
Severity: Medium