UBUNTU-CVE-2023-42822

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2023-42822

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-42822.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-42822

Related

Published

2023-09-27T18:15:00Z

Modified

2024-10-15T14:11:46Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

xrdp is an open source remote desktop protocol server. Access to the font glyphs in xrdp_painter.c is not bounds-checked . Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within a potentially privileged process. On non-Debian platforms, xrdp tends to run as root. Potentially an out-of-bounds write can follow the out-of-bounds read. There is no denial-of-service impact, providing xrdp is running in forking mode. This issue has been addressed in release 0.9.23.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

Ubuntu:Pro:14.04:LTS / xrdp

Package

Name: xrdp
Purl: pkg:deb/ubuntu/xrdp?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.6.0-1ubuntu0.1+esm3

Affected versions

0.*

0.6.0-1

0.6.0-1ubuntu0.1

0.6.0-1ubuntu0.1+esm1

0.6.0-1ubuntu0.1+esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.6.0-1ubuntu0.1+esm3",
            "binary_name": "xrdp"
        },
        {
            "binary_version": "0.6.0-1ubuntu0.1+esm3",
            "binary_name": "xrdp-dbgsym"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / xrdp

Package

Name: xrdp
Purl: pkg:deb/ubuntu/xrdp?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.6.1-2ubuntu0.3+esm3

Affected versions

0.*

0.6.1-2

0.6.1-2ubuntu0.1

0.6.1-2ubuntu0.3

0.6.1-2ubuntu0.3+esm1

0.6.1-2ubuntu0.3+esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.6.1-2ubuntu0.3+esm3",
            "binary_name": "xrdp"
        },
        {
            "binary_version": "0.6.1-2ubuntu0.3+esm3",
            "binary_name": "xrdp-dbgsym"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / xrdp

Package

Name: xrdp
Purl: pkg:deb/ubuntu/xrdp?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.5-2ubuntu0.1~esm2

Affected versions

0.*

0.9.1-9

0.9.4-1

0.9.4-2

0.9.4-3

0.9.4-4

0.9.4-5

0.9.5-1

0.9.5-1build1

0.9.5-2

0.9.5-2ubuntu0.1~esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.9.5-2ubuntu0.1~esm2",
            "binary_name": "xorgxrdp"
        },
        {
            "binary_version": "0.9.5-2ubuntu0.1~esm2",
            "binary_name": "xorgxrdp-dbgsym"
        },
        {
            "binary_version": "0.9.5-2ubuntu0.1~esm2",
            "binary_name": "xrdp"
        },
        {
            "binary_version": "0.9.5-2ubuntu0.1~esm2",
            "binary_name": "xrdp-dbgsym"
        },
        {
            "binary_version": "0.9.5-2ubuntu0.1~esm2",
            "binary_name": "xrdp-pulseaudio-installer"
        }
    ]
}

Ubuntu:20.04:LTS / xrdp

Package

Name: xrdp
Purl: pkg:deb/ubuntu/xrdp?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.9-1

0.9.12-1

0.9.12-1ubuntu0.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:20.04:LTS / xrdp

Package

Name: xrdp
Purl: pkg:deb/ubuntu/xrdp?arch=src?distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.12-1ubuntu0.1+esm1

Affected versions

0.*

0.9.9-1

0.9.12-1

0.9.12-1ubuntu0.1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.9.12-1ubuntu0.1+esm1",
            "binary_name": "xrdp"
        },
        {
            "binary_version": "0.9.12-1ubuntu0.1+esm1",
            "binary_name": "xrdp-dbgsym"
        }
    ]
}

Ubuntu:22.04:LTS / xrdp

Package

Name: xrdp
Purl: pkg:deb/ubuntu/xrdp?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.15-1ubuntu1

0.9.17-1

0.9.17-2

0.9.17-2ubuntu1

0.9.17-2ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:22.04:LTS / xrdp

Package

Name: xrdp
Purl: pkg:deb/ubuntu/xrdp?arch=src?distro=esm-apps/jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.17-2ubuntu2+esm1

Affected versions

0.*

0.9.15-1ubuntu1

0.9.17-1

0.9.17-2

0.9.17-2ubuntu1

0.9.17-2ubuntu2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.9.17-2ubuntu2+esm1",
            "binary_name": "xrdp"
        },
        {
            "binary_version": "0.9.17-2ubuntu2+esm1",
            "binary_name": "xrdp-dbgsym"
        }
    ]
}

Ubuntu:24.10 / xrdp

Package

Name: xrdp
Purl: pkg:deb/ubuntu/xrdp?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.24-4

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.9.24-4",
            "binary_name": "xrdp"
        },
        {
            "binary_version": "0.9.24-4",
            "binary_name": "xrdp-dbgsym"
        }
    ]
}

Ubuntu:24.04:LTS / xrdp

Package

Name: xrdp
Purl: pkg:deb/ubuntu/xrdp?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.21.1-1

0.9.24-2

0.9.24-3

0.9.24-3build1

0.9.24-3build2

0.9.24-4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}