CVE-2021-36158

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-36158

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-36158.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-36158

Downstream

ALPINE-CVE-2021-36158

Published

2021-07-05T23:15:07.367Z

Modified

2026-04-10T04:36:30.370129Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used.

References

https://gitlab.alpinelinux.org/alpine/aports/-/issues/12811

Affected packages

Git / gitlab.alpinelinux.org/alpine/aports

Affected ranges

Type

GIT

Repo

https://gitlab.alpinelinux.org/alpine/aports

Events

Introduced

Last affected

cf59c903c95a0d42ccae4509a205d46f00c6ceb2

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.14"
        }
    ]
}

Affected versions

v1.*

v1.10-branch

v1.9.0

v1.9.0_alpha10

v1.9.0_alpha11

v1.9.0_alpha12

v1.9.0_alpha13

v1.9.0_alpha14

v1.9.0_alpha15

v1.9.0_alpha16

v1.9.0_alpha17

v1.9.0_alpha18

v1.9.0_alpha7

v1.9.0_alpha8

v1.9.0_alpha9

v1.9.0_beta1

v1.9.0_beta2

v1.9.0_beta3

v1.9.0_beta4

v1.9.0_rc1

v1.9.0_rc2

v1.9.0_rc4

v1.9.0_rc5

Other

v101203

v101216

v101221

v101224

v110303

v110310

v110312

v110325

v110407

v110412

v110525

v110527

v110606

v110817

v110824

v110825

v110827

v111111

v120104

v120323

v120820

v120824

v120914

v121009

v121207

v121217

v130301

v130308

v130313

v130910

v131210

v131211

v140416

v140423

v140515

v140930

v141001

v141022

v150306

v160223

v20101203

v20101216

v20190227

v20190228

v20190408

v20190508

v20190707

v20190809

v20190925

v20191114

v20191219

v20200117

v20200122

v20200312

v20200319

v20200428

v20200626

v20200917

v20201218

v20210212

v2.*

v2.0.0

v2.0.0_beta1

v2.0.0_beta2

v2.0.0_beta3

v2.0.0_beta4

v2.0.0_rc1

v2.0.0_rc2

v2.0.0_rc3

v2.1.0

v2.1.0_rc1

v2.1.0_rc2

v2.2.0_rc1

v2.2.0_rc2

v2.2.0_rc3

v2.2.0_rc4

v2.2.0_rc5

v2.3.0

v2.3.0_rc1

v2.3.0_rc2

v2.3.0_rc3

v2.3.0_rc4

v2.3.0_rc5

v2.3.0_rc6

v2.4.0

v2.4.0_rc1

v2.4.0_rc2

v2.4.0_rc3

v2.5.0

v2.5.0_rc2

v2.6.0

v2.6.0_rc1

v2.6.0_rc2

v2.6.0_rc3

v2.6.0_rc4

v2.6.0_rc5

v2.6.0_rc6

v2.7.0

v2.7.0_rc1

v2.7.0_rc2

v2.7.0_rc3

v2.7.0_rc4

v2.7.0_rc5

v2.7.0_rc6

v3.*

v3.0.0

v3.0.0_rc1

v3.0.0_rc2

v3.0.0_rc3

v3.0.0_rc4

v3.0.0_rc5

v3.1.0

v3.1.0_rc1

v3.1.0_rc2

v3.1.0_rc3

v3.1.0_rc4

v3.1.0_rc5

v3.10.0

v3.10.0_rc1

v3.10.0_rc2

v3.10.0_rc3

v3.10.0_rc4

v3.10.0_rc5

v3.10.0_rc6

v3.10.0_rc7

v3.11.0

v3.11.0_rc2

v3.11.0_rc3

v3.11.0_rc4

v3.11.0_rc5

v3.11_rc1

v3.12.0

v3.12.0_rc1

v3.12.0_rc2

v3.12.0_rc3

v3.12.0_rc4

v3.12.0_rc5

v3.13.0

v3.13.0_rc1

v3.13.0_rc2

v3.13.0_rc3

v3.13.0_rc4

v3.13.0_rc5

v3.14.0

v3.14.0_rc1

v3.14.0_rc2

v3.14.0_rc3

v3.14.0_rc4

v3.2.0

v3.2.0_rc1

v3.2.0_rc2

v3.2.0_rc3

v3.2.0_rc4

v3.2.0_rc5

v3.3.0

v3.3.0_rc1

v3.3.0_rc2

v3.3.0_rc3

v3.4.0

v3.4.0_rc1

v3.4.0_rc2

v3.4.0_rc3

v3.5.0

v3.5.0_rc1

v3.5.0_rc2

v3.5.0_rc3

v3.5.0_rc4

v3.5.0_rc5

v3.5.0_rc6

v3.5.0_rc7

v3.6.0

v3.6.0_rc1

v3.6.0_rc2

v3.6.0_rc3

v3.7.0

v3.7.0_rc1

v3.7.0_rc2

v3.7.0_rc3

v3.8.0

v3.8.0_rc1

v3.8.0_rc10

v3.8.0_rc2

v3.8.0_rc3

v3.8.0_rc4

v3.8.0_rc5

v3.8.0_rc6

v3.8.0_rc7

v3.8.0_rc8

v3.8.0_rc9

v3.9.0

v3.9.0_rc1

v3.9.0_rc2

v3.9.0_rc3

v3.9.0_rc4

v3.9.0_rc5

v3.9.0_rc6

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-36158.json"