CVE-2018-8795

rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution.

Weakness

The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.

Affected Software

Related Attack Patterns

• https://cwe.mitre.org/data/definitions/10.html
• https://cwe.mitre.org/data/definitions/100.html
• https://cwe.mitre.org/data/definitions/14.html
• https://cwe.mitre.org/data/definitions/24.html
• https://cwe.mitre.org/data/definitions/45.html
• https://cwe.mitre.org/data/definitions/46.html
• https://cwe.mitre.org/data/definitions/47.html
• https://cwe.mitre.org/data/definitions/67.html
• https://cwe.mitre.org/data/definitions/8.html
• https://cwe.mitre.org/data/definitions/9.html
• https://cwe.mitre.org/data/definitions/92.html

References

• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html
• http://www.securityfocus.com/bid/106938
• https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1
• https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html
• https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
• https://security.gentoo.org/glsa/201903-06
• https://www.debian.org/security/2019/dsa-4394
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html
• http://www.securityfocus.com/bid/106938
• https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1
• https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html
• https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
• https://security.gentoo.org/glsa/201903-06
• https://www.debian.org/security/2019/dsa-4394