FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2025-01-14 21:31:10 UTC
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
af065e47-5d62-11ee-bbae-1c61b4739ac9 | xrdp -- unchecked access to font glyph info
xrdp team reports:
Access to the font glyphs in xrdp_painter.c is not bounds-checked.
Since some of this data is controllable by the user, this can result
in an out-of-bounds read within the xrdp executable. The vulnerability
allows an out-of-bounds read within a potentially privileged process.
On non-Debian platforms, xrdp tends to run as root. Potentially an
out-of-bounds write can follow the out-of-bounds read. There is no
denial-of-service impact, providing xrdp is running in forking mode. This
issue has been addressed in release 0.9.23.1. Users are advised to upgrade.
There are no known workarounds for this vulnerability.
Discovery 2023-09-27
Entry 2023-09-27
xrdp < 0.9.23.1
CVE-2023-42822
https://www.cve.org/CVERecord?id=CVE-2023-42822
https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-2hjx-rm4f-r9hw
|