rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably even a remote code execution.
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Rdesktop | Rdesktop | * | 1.8.3 (including) |
Rdesktop | Ubuntu | bionic | * |
Rdesktop | Ubuntu | cosmic | * |
Rdesktop | Ubuntu | esm-apps/bionic | * |
Rdesktop | Ubuntu | esm-apps/xenial | * |
Rdesktop | Ubuntu | trusty | * |
Rdesktop | Ubuntu | upstream | * |
Rdesktop | Ubuntu | xenial | * |