CVE-2017-16927

Published: Nov 23, 2017Modified: May 13, 2026

8.4

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.5 / Impact: 5.9

Source: NVD

Description

The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted input stream.

Affected (2)

Products: Neutrinolabs: Xrdp · Debian: Debian Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Neutrinolabs Xrdp	Up to 0.9.4

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (6)

https://github.com/neutrinolabs/xrdp/pull/958

Source: cve@mitre.org

Issue TrackingPatch

https://groups.google.com/forum/#%21topic/xrdp-devel/PmVfMuy_xBA

Source: cve@mitre.org

https://lists.debian.org/debian-lts-announce/2017/12/msg00005.html

Source: cve@mitre.org

https://github.com/neutrinolabs/xrdp/pull/958

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatch

https://groups.google.com/forum/#%21topic/xrdp-devel/PmVfMuy_xBA

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2017/12/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.