FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xrdp -- local user can cause a denial of service

Affected packages
xrdp-devel <= 0.9.3,1
0.9.3_1,1 < xrdp-devel <= 0.9.4,1


VuXML ID a66f9be2-d519-11e7-9866-c85b763a2f96
Discovery 2017-11-23
Entry 2017-11-29

xrdp reports:

The scp_v0s_accept function in the session manager uses an untrusted integer as a write length, which allows local users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted input stream.


CVE Name CVE-2017-16927