A flaw was found in rdesktop before 1.8.4. A Information leak issue in rdpdr_process function may lead to unintentional exposure of data. Upstream patch: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 https://github.com/rdesktop/rdesktop/releases/tag/v1.8.4
Created rdesktop tracking bugs for this issue: Affects: fedora-all [bug 1670427]
Note: You need to connect to a malicious or a MITM RDP server in order to trigger this flaw. The malicious RDP server can cause information leak on the client i.e. it could retrieve a small portion of the client memory space.