Base Score

HIGH7.5

CVE-2018-8799

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_secondary_order() that results in a Denial of Service (segfault).

VectorNETWORK

Published Bycve@checkpoint.com

Published DateFeb 05, 2019, 20:29

Weakness Type (CWE):CWE-125

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH

References

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html
http://www.securityfocus.com/bid/106938
https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1
https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
https://security.gentoo.org/glsa/201903-06
https://www.debian.org/security/2019/dsa-4394

Base Score

HIGH7.5

Weakness Type (CWE):CWE-125

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH