CVE-2023-42822

4.6 MEDIUM
Published: September 27, 2023 Modified: November 03, 2025
View on NVD

Description

xrdp is an open source remote desktop protocol server. Access to the font glyphs in xrdp_painter.c is not bounds-checked . Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within a potentially privileged process. On non-Debian platforms, xrdp tends to run as root. Potentially an out-of-bounds write can follow the out-of-bounds read. There is no denial-of-service impact, providing xrdp is running in forking mode. This issue has been addressed in release 0.9.23.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/neutrinolabs/xrdp/commit/73acbe1f7957c65122b00de4d6f57a8d0d257c40
Source: security-advisories@github.com
Patch
https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-2hjx-rm4f-r9hw
Source: security-advisories@github.com
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FPGA4M7IYCP7OILDF2ZJEVSXUOFEFQ6/
Source: security-advisories@github.com
Release Notes
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFGL22QQF65OIZRMCKUZCVJQCKGUBRYE/
Source: security-advisories@github.com
Mailing List Release Notes
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTXODUR4ILM7ZPA6ZGY6VSK4BBSBMKGY/
Source: security-advisories@github.com
Mailing List Release Notes
https://github.com/neutrinolabs/xrdp/commit/73acbe1f7957c65122b00de4d6f57a8d0d257c40
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-2hjx-rm4f-r9hw
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2025/05/msg00018.html
Source: af854a3a-2127-422b-91ae-364da2661108
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FPGA4M7IYCP7OILDF2ZJEVSXUOFEFQ6/
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFGL22QQF65OIZRMCKUZCVJQCKGUBRYE/
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Release Notes
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTXODUR4ILM7ZPA6ZGY6VSK4BBSBMKGY/
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Release Notes

11 reference(s) from NVD

Quick Stats

CVSS v3 Score
4.6 / 10.0
EPSS (Exploit Probability)
0.3%
56th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-125 CWE-125

Affected Vendors

fedoraproject neutrinolabs

Related CVEs

CVE-2025-52691 10.0
CVE-2025-15168 7.3
CVE-2025-15167 7.3
CVE-2025-15166 7.3
CVE-2025-15165 7.3