Integer Underflow in rdesktop v1.8.3: Heap-Based Buffer Overflow in lspci_process() with Remote Code Execution

Integer Underflow in rdesktop v1.8.3: Heap-Based Buffer Overflow in lspci_process() with Remote Code Execution

CVE-2018-20179 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function lspci_process() and results in memory corruption and probably even a remote code execution.

Learn more about our Cis Benchmark Audit For Desktop Software.