30 October 2019

KLCERT-19-032: Denial of Service in RDesktop before 1.8.4

Vendor

RDesktop

Timeline

Description

RDesktop version 1.8.4 contains multiple out-of-bounds read vulnerabilities in its code, which result in a denial of service (DoS) condition. This attack appears to be exploitable via network connectivity. These issues have been fixed in version 1.8.5.

Exploitability

Remotely

Attack complexity

Low

User interaction

None

Impact

Successful exploitation of this vulnerability could allow an attacker to cause a denial of service.

Existence of exploit

Unknown

Affected products

RDesktop before 1.8.4

Mitigation

Vendor mitigation

Upgrade to a newer version: 1.8.5

Kaspersky publishes information on newly identified vulnerabilities in order to raise user awareness of the IT security threats detected. Kaspersky does not make any guarantees in respect of information received from vendors of products in which vulnerabilities have been identified, which is included in the following sections of the advisory: Affected Products, Vendor Mitigation.