xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_mm_trans_process_drdynvc_channel_close() function. There are no known workarounds for this issue. Users are advised to upgrade. https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-59wp-3wq6-jh5v
Created xrdp tracking bugs for this issue: Affects: epel-all [bug 2155491] Affects: fedora-all [bug 2155492]
https://bodhi.fedoraproject.org/updates/FEDORA-2022-6ffa4643dc https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-a0c828a573 https://bodhi.fedoraproject.org/updates/FEDORA-2022-08d2138578 https://bodhi.fedoraproject.org/updates/FEDORA-2022-6fe4046ae9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-aaf428feb8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-0b26ab3924
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.