The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted input stream.
References
Configurations
History
21 Nov 2024, 03:17
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/neutrinolabs/xrdp/pull/958 - Issue Tracking, Patch | |
References | () https://groups.google.com/forum/#%21topic/xrdp-devel/PmVfMuy_xBA - | |
References | () https://lists.debian.org/debian-lts-announce/2017/12/msg00005.html - |
Information
Published : 2017-11-23 06:29
Updated : 2024-11-21 03:17
NVD link : CVE-2017-16927
Mitre link : CVE-2017-16927
CVE.ORG link : CVE-2017-16927
JSON object : View
Products Affected
neutrinolabs
- xrdp
debian
- debian_linux
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer