CVE-2018-8800
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-8800
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-8800.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-8800
- Downstream
- Related
- Published
- 2019-02-05T20:29:00Z
- Modified
- 2025-10-15T10:03:08.909482Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function uicliphandle_data() that results in a memory corruption and probably even a remote code execution.
- References
-
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html
- http://www.securityfocus.com/bid/106938
- https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1
- https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html
- https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
- https://security.gentoo.org/glsa/201903-06
- https://www.debian.org/security/2019/dsa-4394
Affected packages
Git / github.com/rdesktop/rdesktop
Affected ranges
- Type
- GIT
- Repo
- https://github.com/rdesktop/rdesktop
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v1.*
v1.2.0
v1.3.0
v1.3.1
v1.4.0
v1.4.1
v1.5.0
v1.6.0
v1.7.0
v1.7.1
v1.8.0
v1.8.1
v1.8.2
v1.8.3
Database specific
vanir_signatures
[
{
"digest": {
"function_hash": "102109941492706354193108989989607919462",
"length": 311.0
},
"id": "CVE-2018-8800-0558d660",
"target": {
"function": "rdpsnddbg_process",
"file": "rdpsnd.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"144889497555873324432556697810018375193",
"285970189579114013766799836947310315678",
"270816262173449221285553467462134578506",
"325186592733373041218312473429593382904",
"220268521610787835536658971242479846700",
"144110688863425244097048707733851804040",
"245177756320717448177198739653951361867",
"89014976211619085452850589258902080359",
"220491136189845364458243483393433854006",
"104483840699699325525393916173061118059",
"92040338205133293759970085129203682208",
"253324506456331923963072215428849844937",
"255775755726455396490746606189150487714",
"3888552295741281657028581934379868514",
"134990770614685385976946072259910718440",
"68419567531704512108124312876631619189",
"188529856261053129316796137418604658169",
"220895217511415846818883714149352904565",
"69884437030685109171095197680209449451",
"70474942178962341616321845463910228068",
"92443471765436115812374571258744088162",
"329866559375832780598772018768114646536",
"225450082663863931962025871471929480706",
"306024041668703372567758879693806618625",
"244632919167387788943651294210772552029",
"49922048636372807380079152039183798637",
"260208329640123571257463828381803491408",
"244056854380780169557481621130317470015",
"102466797679996462347267692613627122139",
"85186208556903751255023531352131889416",
"179200273200336598050902055091527128967",
"285860418814498733530731431175959836936",
"10764848227679589507359549904238807793",
"287897774640179010357213508987819620597",
"282297531307453152515219781085429345384",
"217492407333916567153723813452963094669",
"234892753016237545410958667606109322084",
"197394533623361094878985995049363387751",
"12217096809086979099746479744596551022",
"60337526683344410362651528859296961003",
"262611244430493056329365550674867030636",
"176877617536580354770440493189907333155",
"112948618898383772342352362189926176978",
"285869843650339858594821148554391252743",
"170596817023092964608583524059422280603",
"139843593560618617711137288514616665774",
"12838125535814696202738635419331092018",
"192795291703405636308648593377595820749",
"52176291935310296406073430315992686580",
"253430787652648431243875338181100226413",
"288257421633529397144854236065263169512",
"310467828743092354966082905640951553710",
"83584083316752578860702345986533804844",
"157893872134871179479216946454652734644",
"35787445694093622518484071222065174568",
"191693132976621376900855920544500218667",
"127269937082439293965794101462429908850",
"328030802608285289298758610378752778178",
"253445817505416016349586281735708738714",
"328948931739182177869201567883049010983",
"235230704509890936733231749677984549823",
"153125447825636689811825108399557853425",
"92542199867049911392638847346117461030",
"42532639111554077561257432718651983520",
"100352340646438253370094367925234189586",
"52129109679614435480037791058209145072",
"318551145880765654635878891444911956912",
"150378556685250051507630712857043291951",
"26967747596178019039306697975594011101",
"100652203453343369350360607660016334014",
"78607500738567289442917930453406970609",
"19332848786407915918385152975247373535",
"24479050735936275124038368805836518518",
"328292406747901752129683700942760330707",
"273547116525458663904111069022696232339",
"213031122930525436600388616728822199596",
"272916154850973349815837224955198145234"
]
},
"id": "CVE-2018-8800-0dee8c3b",
"target": {
"file": "rdp.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"144926119636820723726882739036374803176",
"6267027209065208799919652414100735231",
"247037742828528542453399666328276250889"
]
},
"id": "CVE-2018-8800-2259770c",
"target": {
"file": "asn.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
"signature_type": "Line"
},
{
"digest": {
"function_hash": "147183047543115306882056102838964287827",
"length": 1407.0
},
"id": "CVE-2018-8800-234003b9",
"target": {
"function": "process_plane",
"file": "bitmap.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
"signature_type": "Function"
},
{
"digest": {
"function_hash": "70447797123020146806421733898247616841",
"length": 1875.0
},
"id": "CVE-2018-8800-38030606",
"target": {
"function": "cssp_read_tsrequest",
"file": "cssp.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
"signature_type": "Function"
},
{
"digest": {
"function_hash": "255150572559680655434460911361291350044",
"length": 161.0
},
"id": "CVE-2018-8800-4471d103",
"target": {
"function": "mcs_parse_domain_params",
"file": "mcs.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"157020775477898247095451986239378067207",
"284780832767083423097716600317721781851",
"34761941173988377800489144587796494334",
"275716786219318423848909273478608884930",
"310600171297424979877571899646575716027",
"41564657687016275509242053028506019461",
"236997835446493822981209679759964198253",
"72420050107461569155385968790780731110"
]
},
"id": "CVE-2018-8800-5044ebe9",
"target": {
"file": "proto.h"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
"signature_type": "Line"
},
{
"digest": {
"function_hash": "138579080327914696728362598475451236670",
"length": 790.0
},
"id": "CVE-2018-8800-54342552",
"target": {
"function": "process_secondary_order",
"file": "orders.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"210793762335981366622542191921921089102",
"156703705206104651793048517867874405698",
"5501894318555408109502941686457501680",
"152266119617772310187539795254713670718",
"148310583353504361198122808107772587676",
"194919660460306163858239724859663915972",
"172410351255355535753619976003689319748"
]
},
"id": "CVE-2018-8800-5935f5c9",
"target": {
"file": "cliprdr.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"150250902319357362326589542978708175921",
"121420834331063720371326342647305181336",
"29393386051506202388885838734776758907",
"19593665629452061073273197983973120681",
"49129114503149936582136811013147533617",
"214091211658754616237917944490188776720",
"225416710790249723072709126087104366781",
"297203682607695882948617330672555307875",
"57430642535643389901892041351745704825",
"338707785571828633454006095343067539437",
"68494611625835809348853256100357286163",
"164442023949833882339655096077554051415",
"32691018749199886066984816237837677233",
"11279390145265789254726898717512713340",
"174862176428095927998717417125881789399",
"134683741110208993990161735824844576775",
"310295896345251970472922992421128239565",
"11279390145265789254726898717512713340",
"113952428848114378373379572728071966555",
"227998037303159582074703407077582669921",
"93467852857842316382803616141868111064"
]
},
"id": "CVE-2018-8800-5b8792c0",
"target": {
"file": "secure.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
"signature_type": "Line"
},
{
"digest": {
"function_hash": "69319005614635147673950247604736299031",
"length": 1079.0
},
"id": "CVE-2018-8800-5b98d652",
"target": {
"function": "cliprdr_process",
"file": "cliprdr.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"40589527824911916184691300704113237294",
"200171555808099056685472003166328632056",
"93524838411328545942842181886482855891",
"248765457817526216608580182070963151553",
"279592810079391459761518363588783651510",
"26010150647010341219540743174816103561",
"116691741127472537176637512722680504988",
"25531827522758197525553012239656595144",
"18678032028817684594742127810312211161",
"250464752618759039555288897583008682745",
"252417516191753639317364541297155833983",
"141968500618622202847051708039516603966",
"273812019710437382166289683703787617519",
"171298522589588561692262081879586767795",
"88434469030922401006106044192473551750",
"113765684042300345824582665958492098008",
"124095768239052304633288982270566714602",
"195559134070601150620600586950375028977"
]
},
"id": "CVE-2018-8800-63ff0e23",
"target": {
"file": "mcs.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
"signature_type": "Line"
},
{
"digest": {
"function_hash": "156719150312610857938612959434269154020",
"length": 1477.0
},
"id": "CVE-2018-8800-69cb5d1c",
"target": {
"function": "process_bitmap_updates",
"file": "rdp.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"35415357673050908455149321588406663330",
"223937485204564797344465521815285766671",
"18390196712728924960350710847725931829",
"249269190645351276646765626524920346365",
"121024164617858200641691031780198612168",
"209503235906898428409268863440823469232",
"298042340528043755239165924522166538791"
]
},
"id": "CVE-2018-8800-74cbeb92",
"target": {
"file": "rdpsnd.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
"signature_type": "Line"
},
{
"digest": {
"function_hash": "132095683505339531706132742290013439464",
"length": 280.0
},
"id": "CVE-2018-8800-755ceb74",
"target": {
"function": "seamless_process",
"file": "seamless.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"165154195627643620543620938357786658341",
"95199303338778360471137182735038462867",
"121024164617858200641691031780198612168",
"270526242318614382508542123475331423011",
"268514325143679100817171637334267644927"
]
},
"id": "CVE-2018-8800-76b4dd54",
"target": {
"file": "lspci.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"9050644381343416420956149539330214143",
"184677543974349925722753195190553150746",
"6874896863917834360794467396786703320",
"133323462706901791834541222376213202170",
"309126454728163853132388408417891703593",
"313495569796015095153755685729517761937",
"24679769544033266847041136542436628706",
"148875802977607967561541563625248739108",
"225829828691512885351789512759870200388"
]
},
"id": "CVE-2018-8800-80c02fe1",
"target": {
"file": "rdpdr.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
"signature_type": "Line"
},
{
"digest": {
"function_hash": "188034485594817878426413077922344669348",
"length": 355.0
},
"id": "CVE-2018-8800-8eabee4b",
"target": {
"function": "rdpsnd_process_training",
"file": "rdpsnd.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
"signature_type": "Function"
},
{
"digest": {
"function_hash": "268312794963424602524310581020668120342",
"length": 1254.0
},
"id": "CVE-2018-8800-983ccc90",
"target": {
"function": "sec_recv",
"file": "secure.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
"signature_type": "Function"
},
{
"digest": {
"function_hash": "151036052066117425574748559382006452261",
"length": 342.0
},
"id": "CVE-2018-8800-ae84379a",
"target": {
"function": "sec_decrypt",
"file": "secure.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"156116824414680118006289738435650502989",
"265248749638125272969168515171890013173",
"94017914489547623420267973926210410308",
"294065584018814834881985832689790911201",
"259603876989303292966814574568976878354",
"250740815142459459774429341288968429735",
"61540251016951729481153123236959660854",
"332910650073684633949543218897942505947",
"28934009645563794271941820383896143330",
"159694140957995385611774010159640491171",
"22651108462682289063710236293010268528",
"118910328637747976592803847376762892159",
"293750687085664641466973411762775030494",
"262208891725719352093391250660994056626",
"250447231901126340735943568254935808660",
"4855364658018910932431227836046773964"
]
},
"id": "CVE-2018-8800-b16d1592",
"target": {
"file": "cssp.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
"signature_type": "Line"
},
{
"digest": {
"function_hash": "129681526369166403320636349675032399985",
"length": 730.0
},
"id": "CVE-2018-8800-bb702323",
"target": {
"function": "process_demand_active",
"file": "rdp.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"141512132228073104068672788816618272341",
"91087555674205596958287212170508793355",
"326433841834773331940380053109117915531",
"147132481235048515567024425659754556954",
"199499174233176236388692649706953602762",
"185582052051681183193656345265098554776",
"80847747608846774597581332597666275158",
"103111526061914848381669524308515733806",
"141512132228073104068672788816618272341",
"91087555674205596958287212170508793355",
"322426163342856549068875320810349446042",
"98327684003301995825263340173934415746",
"199499174233176236388692649706953602762",
"185582052051681183193656345265098554776",
"312563329613364071974613834041524840273",
"17593147765508383730231192463354471040"
]
},
"id": "CVE-2018-8800-be8c8d74",
"target": {
"file": "bitmap.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
"signature_type": "Line"
},
{
"digest": {
"function_hash": "69841999535023704464934288151760248940",
"length": 662.0
},
"id": "CVE-2018-8800-c7e16d8b",
"target": {
"function": "mcs_recv_connect_response",
"file": "mcs.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
"signature_type": "Function"
},
{
"digest": {
"function_hash": "60729789324186224199022644288127852833",
"length": 295.0
},
"id": "CVE-2018-8800-cd0ada68",
"target": {
"function": "lspci_process",
"file": "lspci.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
"signature_type": "Function"
},
{
"digest": {
"function_hash": "213566815768839182374169039542717583900",
"length": 1002.0
},
"id": "CVE-2018-8800-d1cff85c",
"target": {
"function": "rdp_in_unistr",
"file": "rdp.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
"signature_type": "Function"
},
{
"digest": {
"function_hash": "27641323796780274765203968791379803633",
"length": 4862.0
},
"id": "CVE-2018-8800-dc7c4588",
"target": {
"function": "seamless_process_line",
"file": "seamless.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"130674942740753293644659169162150322223",
"142944318523375496584386215758439837393",
"276793857083192363638002357599772639607",
"240026787908099125740546560664565560748",
"14376684503090415495335326060979255212",
"204518746798243653520817680122410066028",
"170684181064268305755785303525263155796"
]
},
"id": "CVE-2018-8800-e9652bb7",
"target": {
"file": "orders.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
"signature_type": "Line"
},
{
"digest": {
"function_hash": "336115944316993744978160550365152981657",
"length": 1141.0
},
"id": "CVE-2018-8800-f5312252",
"target": {
"function": "rdpdr_process",
"file": "rdpdr.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"125437503200259741832066349442065238011",
"286391498505942949668653145377899211570",
"80704440997217175523025054490285547856",
"183407549329509366277656709979215549899",
"313570441642011655266599607264263025672",
"75322162521339795125236999874513079246",
"189081423849152620846829733980186685258",
"268514325143679100817171637334267644927"
]
},
"id": "CVE-2018-8800-f7b44f5f",
"target": {
"file": "seamless.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
"signature_type": "Line"
}
]