CVE-2022-23613

2022-02-0700:00:00

ubuntu.com

xrdp

sesman server

heap overflow

vulnerability

patch

upgrade

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

19.8%

JSON

xrdp is an open source remote desktop protocol (RDP) server. In affected
versions an integer underflow leading to a heap overflow in the sesman
server allows any unauthenticated attacker which is able to locally access
a sesman server to execute code as root. This vulnerability has been
patched in version 0.9.18.1 and above. Users are advised to upgrade. There
are no known workarounds.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchxrdp< 0.9.5-2ubuntu0.1~esm2UNKNOWN
ubuntu20.04noarchxrdp< 0.9.12-1ubuntu0.1+esm1UNKNOWN
ubuntu22.04noarchxrdp< 0.9.17-2ubuntu2+esm1UNKNOWN
ubuntu24.04noarchxrdp< anyUNKNOWN
ubuntu14.04noarchxrdp< 0.6.0-1ubuntu0.1+esm3UNKNOWN
ubuntu16.04noarchxrdp< 0.6.1-2ubuntu0.3+esm3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	xrdp	< 0.9.5-2ubuntu0.1~esm2	UNKNOWN
ubuntu	20.04	noarch	xrdp	< 0.9.12-1ubuntu0.1+esm1	UNKNOWN
ubuntu	22.04	noarch	xrdp	< 0.9.17-2ubuntu2+esm1	UNKNOWN
ubuntu	24.04	noarch	xrdp	< any	UNKNOWN
ubuntu	14.04	noarch	xrdp	< 0.6.0-1ubuntu0.1+esm3	UNKNOWN
ubuntu	16.04	noarch	xrdp	< 0.6.1-2ubuntu0.3+esm3	UNKNOWN