Base Score

HIGH7.5

CVE-2018-20176

rdesktop versions up to and including v1.8.3 contain several Out-Of- Bounds Reads in the file secure.c that result in a Denial of Service (segfault).

VectorNETWORK

Published Bycve@mitre.org

Published DateMar 15, 2019, 18:29

Weakness Type (CWE):CWE-125

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH

References

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html
http://www.securityfocus.com/bid/106938
https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1
https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
https://security.gentoo.org/glsa/201903-06
https://www.debian.org/security/2019/dsa-4394

Base Score

HIGH7.5

Weakness Type (CWE):CWE-125

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH