30 October 2019
KLCERT-19-032: Denial of Service in RDesktop before 1.8.4
-
CVE-IDS
-
KLCERT
KLCERT-19-032
Timeline
Description
RDesktop version 1.8.4 contains multiple out-of-bounds read vulnerabilities in its code, which result in a denial of service (DoS) condition. This attack appears to be exploitable via network connectivity. These issues have been fixed in version 1.8.5.
CVSS v3
Exploitability
Remotely
Attack complexity
Low
User interaction
None
Impact
Successful exploitation of this vulnerability could allow an attacker to cause a denial of service.
Existence of exploit
Unknown
Affected products
RDesktop before 1.8.4
Mitigation
Vendor mitigation
Upgrade to a newer version: 1.8.5
Kaspersky publishes information on newly identified vulnerabilities in order to raise user awareness of the IT security threats detected. Kaspersky does not make any guarantees in respect of information received from vendors of products in which vulnerabilities have been identified, which is included in the following sections of the advisory: Affected Products, Vendor Mitigation.