A flaw was found in rdesktop before 1.8.4. An issue in the rdpsnddbg_process function may lead to remote code execution.

Upstream patch:
https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2
https://github.com/rdesktop/rdesktop/releases/tag/v1.8.4
Created rdesktop tracking bugs for this issue: Affects: fedora-all [bug 1670427]
Note: You need to connect to a malicious or a MITM RDP server in order to trigger this flaw. The malicious RDP server can cause a controlled buffer overflow on the client, which may result in code execution. However, since the flaw can only be triggered by a specially crafted RDP server, it is rated as having moderate security impact.