CVE-2019-15682

Name: CVE-2019-15682
Description: RDesktop version 1.8.4 contains multiple out-of-bounds read vulnerabilities in its code, which result in a denial of service (DoS) condition. This attack appears to be exploitable via network connectivity. These issues have been fixed in version 1.8.5.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DLA-1837-1, DSA-4473-1

Vulnerable and fixed packages

The table below lists information on source packages.

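| Source Package | Release | Version | Status |
|---|---|---|---|
| rdesktop (PTS) | jessie, jessie (lts) | 1.8.6-0+deb8u2 | fixed |
| rdesktop (PTS) | stretch (security), stretch (lts), stretch | 1.8.6-2~deb9u1 | fixed |
| rdesktop (PTS) | buster | 1.8.6-2 | fixed |
| rdesktop (PTS) | sid, trixie, bullseye, bookworm | 1.9.0-2 | fixed |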

The information below is based on the following data on fixed versions.

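| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| rdesktop | source | wheezy | (unfixed) | end-of-life | | |
| rdesktop | source | jessie | 1.8.6-0+deb8u1 | | DLA-1837-1 | |
| rdesktop | source | stretch | 1.8.6-2~deb9u1 | | DSA-4473-1 | |
| rdesktop | source | (unstable) | 1.8.6-1 | | | |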

Notes

https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/10/30/klcert-19-032-denial-of-service-in-rdesktop-before-1-8-4/
