CVE-2017-16927
23.11.2017, 06:29
The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted input stream.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| neutrinolabs | xrdp | 𝑥 ≤ 0.9.4 |
| debian | debian_linux | 7.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libpainter0 |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| librfxencode0 |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| xrdp |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| xrdp-devel |
|
Common Weakness Enumeration
References