Alpine: multiple rdesktop packages: security update to 1.8.6-r0

critical Tenable Cloud Security Plugin ID 406894

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function
ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution.
(CVE-2018-8800)

- rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpdr_process()
that results in an information leak. (CVE-2018-8791)

- rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function
cssp_read_tsrequest() that results in a Denial of Service (segfault). (CVE-2018-8792)

- rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function
cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution.
(CVE-2018-8793)

- rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds
Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote
code execution. (CVE-2018-8794)

See Also

https://security.alpinelinux.org/vuln/CVE-2018-20174

https://security.alpinelinux.org/vuln/CVE-2018-20175

https://security.alpinelinux.org/vuln/CVE-2018-20176

https://security.alpinelinux.org/vuln/CVE-2018-20177

https://security.alpinelinux.org/vuln/CVE-2018-20178

https://security.alpinelinux.org/vuln/CVE-2018-20179

https://security.alpinelinux.org/vuln/CVE-2018-20180

https://security.alpinelinux.org/vuln/CVE-2018-20181

https://security.alpinelinux.org/vuln/CVE-2018-20182

https://security.alpinelinux.org/vuln/CVE-2018-8791

https://security.alpinelinux.org/vuln/CVE-2018-8792

https://security.alpinelinux.org/vuln/CVE-2018-8793

https://security.alpinelinux.org/vuln/CVE-2018-8794

https://security.alpinelinux.org/vuln/CVE-2018-8795

https://security.alpinelinux.org/vuln/CVE-2018-8796

https://security.alpinelinux.org/vuln/CVE-2018-8797

https://security.alpinelinux.org/vuln/CVE-2018-8798

https://security.alpinelinux.org/vuln/CVE-2018-8799

https://security.alpinelinux.org/vuln/CVE-2018-8800

Plugin Details

Severity: Critical

ID: 406894

Version: Revision 1.27

Type: Local

Published: 10/31/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2018-8800

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 1/29/2019

Reference Information

CVE: CVE-2018-20174, CVE-2018-20175, CVE-2018-20176, CVE-2018-20177, CVE-2018-20178, CVE-2018-20179, CVE-2018-20180, CVE-2018-20181, CVE-2018-20182, CVE-2018-8791, CVE-2018-8792, CVE-2018-8793, CVE-2018-8794, CVE-2018-8795, CVE-2018-8796, CVE-2018-8797, CVE-2018-8798, CVE-2018-8799, CVE-2018-8800

BID: 106938