CVE-2008-5904

Exploit

EPSS 3.11%
Veröffentlicht 15.01.2009 17:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp.c in xrdp 0.4.1 and earlier allows remote RDP servers to have an unknown impact via input data that sets crafted values for certain length variables, leading to a buffer overflow.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Xrdp ≫ Xrdp Version <= 0.4.1

Xrdp ≫ Xrdp Version0.3

Xrdp ≫ Xrdp Version0.3.1

Xrdp ≫ Xrdp Version0.3.2

Xrdp ≫ Xrdp Version0.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.11%	0.856

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html

http://openwall.com/lists/oss-security/2009/01/12/3

http://packetstormsecurity.org/0812-advisories/VA_VD_87_08_XRDP.pdf

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/48094

https://nvd.nist.gov/vuln/detail/CVE-2008-5904

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-5904

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-5904

EUVD