Alpine: multiple xrdp packages: security update to 0.9.21.1-r0

critical Tenable Self-Hosted Container Security Plugin ID 407940

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote
Desktop Protocol (RDP). xrdp < v0.9.21 contain a Integer Overflow in
xrdp_mm_process_rail_update_window_text() function. There are no known workarounds for this issue. Users
are advised to upgrade. (CVE-2022-23484)

- xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote
Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_login_wnd_create() function.
There are no known workarounds for this issue. Users are advised to upgrade. (CVE-2022-23468)

- xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote
Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in audin_send_open() function. There are
no known workarounds for this issue. Users are advised to upgrade. (CVE-2022-23477)

- xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote
Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Write in
xrdp_mm_trans_process_drdynvc_channel_open() function. There are no known workarounds for this issue.
Users are advised to upgrade. (CVE-2022-23478)

- xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote
Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_mm_chan_data_in() function.
There are no known workarounds for this issue. Users are advised to upgrade. (CVE-2022-23479)

See Also

https://security.alpinelinux.org/vuln/CVE-2022-23468

https://security.alpinelinux.org/vuln/CVE-2022-23477

https://security.alpinelinux.org/vuln/CVE-2022-23478

https://security.alpinelinux.org/vuln/CVE-2022-23479

https://security.alpinelinux.org/vuln/CVE-2022-23480

https://security.alpinelinux.org/vuln/CVE-2022-23481

https://security.alpinelinux.org/vuln/CVE-2022-23482

https://security.alpinelinux.org/vuln/CVE-2022-23483

https://security.alpinelinux.org/vuln/CVE-2022-23484

https://security.alpinelinux.org/vuln/CVE-2022-23493

Plugin Details

Severity: Critical

ID: 407940

Version: Revision 1.34

Type: Local

Published: 10/31/2023

Updated: 1/8/2026

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-23484

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 12/9/2022

Reference Information

CVE: CVE-2022-23468, CVE-2022-23477, CVE-2022-23478, CVE-2022-23479, CVE-2022-23480, CVE-2022-23481, CVE-2022-23482, CVE-2022-23483, CVE-2022-23484, CVE-2022-23493