CVE-2019-15682

RDesktop version 1.8.4 contains multiple out-of-bound access read vulnerabilities in its code, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. These issues have been fixed in version 1.8.5

References

Affected packages

Debian:11 / rdesktop

Package

Name: rdesktop
Purl: pkg:deb/debian/rdesktop?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / rdesktop

Package

Name: rdesktop
Purl: pkg:deb/debian/rdesktop?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / rdesktop

Package

Name: rdesktop
Purl: pkg:deb/debian/rdesktop?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/rdesktop/rdesktop

Affected ranges

Type: GIT
Repo: https://github.com/rdesktop/rdesktop
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

34b8a18fe5d4de795851defe34b3ad3e1f43532b

Affected versions

v1.*

v1.2.0

v1.3.0

v1.3.1

v1.4.0

v1.4.1

v1.5.0

v1.6.0

v1.7.0

v1.7.1

v1.8.0

v1.8.1

v1.8.2

v1.8.3

v1.8.4