KLCERT-19-032: A denial-of-service condition in RDesktop before 1.8.5

Главная
Уязвимости
KLCERT-19-032: A denial-of-service condition in RDesktop before 1.8.5

30 октября 2019

Vendor

RDesktop

CVE-IDS

2019-15682
KLCERT

KLCERT-19-032

Timeline

Kaspersky ICS CERT advisory updated

29 января 2024
Kaspersky ICS CERT advisory published

30 октября 2019
Advisory published

30 октября 2019

Description

Rdesktop before version 1.8.5 contains multiple out-of-bound access read vulnerabilities in its code, which results in a denial-of-service (DoS) condition. This attack appear to be exploitable via network connectivity. These issues have been fixed in version 1.8.5.

CVSS v3

0.0

(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Exploitability

Remotely

Attack complexity

Low

User interaction

None

Impact

Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition.

Existence of exploit

PoC

Affected products

RDesktop before 1.8.5

Mitigation

Vendor mitigation

Upgrade to a version: 1.8.5 or newer.

Kaspersky publishes information on newly identified vulnerabilities in order to raise user awareness of the IT security threats detected. Kaspersky does not make any guarantees in respect of information received from vendors of products in which vulnerabilities have been identified, which is included in the following sections of the advisory: Affected Products, Vendor Mitigation.

Вернуться к началу

Timeline

Kaspersky ICS CERT advisory updated

29 января 2024
Kaspersky ICS CERT advisory published

30 октября 2019
Advisory published

30 октября 2019

Вернуться к началу