CVE-2018-20175

CVE-2018-20175

Name

CVE-2018-20175

Description

rdesktop versions up to and including v1.8.3 contains several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault).

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Exploit	https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
Patch	https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1
Third Party Advisory	https://www.debian.org/security/2019/dsa-4394
Third Party Advisory	https://security.gentoo.org/glsa/201903-06
Mailing List	https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html
Third Party Advisory	http://www.securityfocus.com/bid/106938
SUSE	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html

Type

URI

Exploit

https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/

Patch

https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1

Third Party Advisory

https://www.debian.org/security/2019/dsa-4394

Third Party Advisory

https://security.gentoo.org/glsa/201903-06

Mailing List

https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html