rdesktop process_bitmap_updates() Function Out-of-Bounds Read Denial of Service Vulnerability

By GIXnews

A vulnerability in the process_bitmap_updates() function of rdesktop could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to an out-of-bounds read condition that exists in the process_bitmap_updates() function of the affected software. An attacker could exploit this vulnerability by persuading a user who is using a Remote Desktop Protocol (RDP) client on a targeted system to connect to an attacker-controlled RDP server. A successful exploit could trigger a segmentation fault (segfault), resulting in a DoS condition.

rdesktop has confirmed the vulnerability and released software updates.

Security Impact Rating: Medium

CVE: CVE-2018-8796

Source: Cisco Multivendor Vulnerability Alerts