30 October 2019

KLCERT-19-032: A denial-of-service condition in RDesktop before 1.8.5

Vendor

RDesktop

Timeline

  • Kaspersky ICS CERT advisory updated

    29 January 2024

  • Kaspersky ICS CERT advisory published

    30 October 2019

  • Advisory published

    30 October 2019

Description

Rdesktop before version 1.8.5 contains multiple out-of-bounds read vulnerabilities in its code, which result in a denial-of-service (DoS) condition. This attack appears to be exploitable via network connectivity. These issues have been fixed in version 1.8.5.

Exploitability

Remotely

Attack complexity

Low

User interaction

None

Impact

Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition.

Existence of exploit

PoC

Affected products

RDesktop before 1.8.5

Mitigation

Vendor mitigation

Upgrade to version 1.8.5 or newer.

Kaspersky publishes information on newly identified vulnerabilities in order to raise user awareness of the IT security threats detected. Kaspersky does not make any guarantees in respect of information received from vendors of products in which vulnerabilities have been identified, which is included in the following sections of the advisory: Affected Products, Vendor Mitigation.
