Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2018-20181

rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably even a remote code execution.

Related bugs and status

CVE-2018-20181 (Candidate) is related to these bugs:

Bug #1817415: Backport 1.8.4-1 from Disco to Bionic and Cosmic as a security update

Summary				In	Importance	Status
	1817415	Backport 1.8.4-1 from Disco to Bionic and Cosmic as a security update		rdesktop (Ubuntu)	Undecided	Confirmed

See the

CVE page on Mitre.org for more details.

References

BID: 106938
CONFIRM: https://research.check...
DEBIAN: DSA-4394
GENTOO: GLSA-201903-06
MISC: https://github.com/rde...
MLIST: [debian-lts-announce] ...
SUSE: openSUSE-SU-2019:2135