{"id":"CVE-2018-20182","details":"rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote code execution.","modified":"2026-04-02T01:12:25.917101Z","published":"2019-03-15T18:29:00.703Z","related":["MGASA-2019-0041","openSUSE-SU-2019:2135-1","openSUSE-SU-2024:11298-1"],"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201903-06"},{"type":"ADVISORY","url":"https://www.debian.org/security/2019/dsa-4394"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/106938"},{"type":"FIX","url":"https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1"},{"type":"EVIDENCE","url":"https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rdesktop/rdesktop","events":[{"introduced":"0"},{"last_affected":"b793a87e6d87af0aba384cd07e123151b72031ab"},{"fixed":"4dca546d04321a610c1835010b5dad85163b65e1"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.8.3"}]}}],"versions":["v1.2.0","v1.3.0","v1.3.1","v1.4.0","v1.4.1","v1.5.0","v1.6.0","v1.7.0","v1.7.1","v1.8.0","v1.8.1","v1.8.2","v1.8.3"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20182.json","vanir_signatures":[{"digest":{"function_hash":"102109941492706354193108989989607919462","length":311},"source":"https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2018-20182-0558d660","target":{"file":"rdpsnd.c","function":"rdpsnddbg_process"}},{"digest":{"threshold":0.9,"line_hashes":["144889497555873324432556697810018375193","285970189579114013766799836947310315678","270816262173449221285553467462134578506","325186592733373041218312473429593382904","220268521610787835536658971242479846700","144110688863425244097048707733851804040","245177756320717448177198739653951361867","89014976211619085452850589258902080359","220491136189845364458243483393433854006","104483840699699325525393916173061118059","92040338205133293759970085129203682208","253324506456331923963072215428849844937","255775755726455396490746606189150487714","3888552295741281657028581934379868514","134990770614685385976946072259910718440","68419567531704512108124312876631619189","188529856261053129316796137418604658169","220895217511415846818883714149352904565","69884437030685109171095197680209449451","70474942178962341616321845463910228068","92443471765436115812374571258744088162","329866559375832780598772018768114646536","225450082663863931962025871471929480706","306024041668703372567758879693806618625","244632919167387788943651294210772552029","49922048636372807380079152039183798637","260208329640123571257463828381803491408","244056854380780169557481621130317470015","102466797679996462347267692613627122139","85186208556903751255023531352131889416","179200273200336598050902055091527128967","285860418814498733530731431175959836936","10764848227679589507359549904238807793","287897774640179010357213508987819620597","282297531307453152515219781085429345384","217492407333916567153723813452963094669","234892753016237545410958667606109322084","197394533623361094878985995049363387751","12217096809086979099746479744596551022","60337526683344410362651528859296961003","262611244430493056329365550674867030636","176877617536580354770440493189907333155","112948618898383772342352362189926176978","285869843650339858594821148554391252743","170596817023092964608583524059422280603","139843593560618617711137288514616665774","12838125535814696202738635419331092018","192795291703405636308648593377595820749","52176291935310296406073430315992686580","253430787652648431243875338181100226413","288257421633529397144854236065263169512","310467828743092354966082905640951553710","83584083316752578860702345986533804844","157893872134871179479216946454652734644","35787445694093622518484071222065174568","191693132976621376900855920544500218667","127269937082439293965794101462429908850","328030802608285289298758610378752778178","253445817505416016349586281735708738714","328948931739182177869201567883049010983","235230704509890936733231749677984549823","153125447825636689811825108399557853425","92542199867049911392638847346117461030","42532639111554077561257432718651983520","100352340646438253370094367925234189586","52129109679614435480037791058209145072","318551145880765654635878891444911956912","150378556685250051507630712857043291951","26967747596178019039306697975594011101","100652203453343369350360607660016334014","78607500738567289442917930453406970609","19332848786407915918385152975247373535","24479050735936275124038368805836518518","328292406747901752129683700942760330707","273547116525458663904111069022696232339","213031122930525436600388616728822199596","272916154850973349815837224955198145234"]},"source":"https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1","signature_version":"v1","deprecated":false,"signature_type":"Line","id":"CVE-2018-20182-0dee8c3b","target":{"file":"rdp.c"}},{"digest":{"threshold":0.9,"line_hashes":["144926119636820723726882739036374803176","6267027209065208799919652414100735231","247037742828528542453399666328276250889"]},"source":"https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1","signature_version":"v1","deprecated":false,"signature_type":"Line","id":"CVE-2018-20182-2259770c","target":{"file":"asn.c"}},{"digest":{"function_hash":"147183047543115306882056102838964287827","length":1407},"source":"https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2018-20182-234003b9","target":{"file":"bitmap.c","function":"process_plane"}},{"digest":{"function_hash":"70447797123020146806421733898247616841","length":1875},"source":"https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2018-20182-38030606","target":{"file":"cssp.c","function":"cssp_read_tsrequest"}},{"digest":{"function_hash":"255150572559680655434460911361291350044","length":161},"source":"https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2018-20182-4471d103","target":{"file":"mcs.c","function":"mcs_parse_domain_params"}},{"digest":{"threshold":0.9,"line_hashes":["157020775477898247095451986239378067207","284780832767083423097716600317721781851","34761941173988377800489144587796494334","275716786219318423848909273478608884930","310600171297424979877571899646575716027","41564657687016275509242053028506019461","236997835446493822981209679759964198253","72420050107461569155385968790780731110"]},"source":"https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1","signature_version":"v1","deprecated":false,"signature_type":"Line","id":"CVE-2018-20182-5044ebe9","target":{"file":"proto.h"}},{"digest":{"function_hash":"138579080327914696728362598475451236670","length":790},"source":"https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2018-20182-54342552","target":{"file":"orders.c","function":"process_secondary_order"}},{"digest":{"threshold":0.9,"line_hashes":["210793762335981366622542191921921089102","156703705206104651793048517867874405698","5501894318555408109502941686457501680","152266119617772310187539795254713670718","148310583353504361198122808107772587676","194919660460306163858239724859663915972","172410351255355535753619976003689319748"]},"source":"https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1","signature_version":"v1","deprecated":false,"signature_type":"Line","id":"CVE-2018-20182-5935f5c9","target":{"file":"cliprdr.c"}},{"digest":{"threshold":0.9,"line_hashes":["150250902319357362326589542978708175921","121420834331063720371326342647305181336","29393386051506202388885838734776758907","19593665629452061073273197983973120681","49129114503149936582136811013147533617","214091211658754616237917944490188776720","225416710790249723072709126087104366781","297203682607695882948617330672555307875","57430642535643389901892041351745704825","338707785571828633454006095343067539437","68494611625835809348853256100357286163","164442023949833882339655096077554051415","32691018749199886066984816237837677233","11279390145265789254726898717512713340","174862176428095927998717417125881789399","134683741110208993990161735824844576775","310295896345251970472922992421128239565","11279390145265789254726898717512713340","113952428848114378373379572728071966555","227998037303159582074703407077582669921","93467852857842316382803616141868111064"]},"source":"https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1","signature_version":"v1","deprecated":false,"signature_type":"Line","id":"CVE-2018-20182-5b8792c0","target":{"file":"secure.c"}},{"digest":{"function_hash":"69319005614635147673950247604736299031","length":1079},"source":"https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2018-20182-5b98d652","target":{"file":"cliprdr.c","function":"cliprdr_process"}},{"digest":{"threshold":0.9,"line_hashes":["40589527824911916184691300704113237294","200171555808099056685472003166328632056","93524838411328545942842181886482855891","248765457817526216608580182070963151553","279592810079391459761518363588783651510","26010150647010341219540743174816103561","116691741127472537176637512722680504988","25531827522758197525553012239656595144","18678032028817684594742127810312211161","250464752618759039555288897583008682745","252417516191753639317364541297155833983","141968500618622202847051708039516603966","273812019710437382166289683703787617519","171298522589588561692262081879586767795","88434469030922401006106044192473551750","113765684042300345824582665958492098008","124095768239052304633288982270566714602","195559134070601150620600586950375028977"]},"source":"https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1","signature_version":"v1","deprecated":false,"signature_type":"Line","id":"CVE-2018-20182-63ff0e23","target":{"file":"mcs.c"}},{"digest":{"function_hash":"156719150312610857938612959434269154020","length":1477},"source":"https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2018-20182-69cb5d1c","target":{"file":"rdp.c","function":"process_bitmap_updates"}},{"digest":{"threshold":0.9,"line_hashes":["35415357673050908455149321588406663330","223937485204564797344465521815285766671","18390196712728924960350710847725931829","249269190645351276646765626524920346365","121024164617858200641691031780198612168","209503235906898428409268863440823469232","298042340528043755239165924522166538791"]},"source":"https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1","signature_version":"v1","deprecated":false,"signature_type":"Line","id":"CVE-2018-20182-74cbeb92","target":{"file":"rdpsnd.c"}},{"digest":{"function_hash":"132095683505339531706132742290013439464","length":280},"source":"https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2018-20182-755ceb74","target":{"file":"seamless.c","function":"seamless_process"}},{"digest":{"threshold":0.9,"line_hashes":["165154195627643620543620938357786658341","95199303338778360471137182735038462867","121024164617858200641691031780198612168","270526242318614382508542123475331423011","268514325143679100817171637334267644927"]},"source":"https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1","signature_version":"v1","deprecated":false,"signature_type":"Line","id":"CVE-2018-20182-76b4dd54","target":{"file":"lspci.c"}},{"digest":{"threshold":0.9,"line_hashes":["9050644381343416420956149539330214143","184677543974349925722753195190553150746","6874896863917834360794467396786703320","133323462706901791834541222376213202170","309126454728163853132388408417891703593","313495569796015095153755685729517761937","24679769544033266847041136542436628706","148875802977607967561541563625248739108","225829828691512885351789512759870200388"]},"source":"https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1","signature_version":"v1","deprecated":false,"signature_type":"Line","id":"CVE-2018-20182-80c02fe1","target":{"file":"rdpdr.c"}},{"digest":{"function_hash":"188034485594817878426413077922344669348","length":355},"source":"https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2018-20182-8eabee4b","target":{"file":"rdpsnd.c","function":"rdpsnd_process_training"}},{"digest":{"function_hash":"268312794963424602524310581020668120342","length":1254},"source":"https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2018-20182-983ccc90","target":{"file":"secure.c","function":"sec_recv"}},{"digest":{"function_hash":"151036052066117425574748559382006452261","length":342},"source":"https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2018-20182-ae84379a","target":{"file":"secure.c","function":"sec_decrypt"}},{"digest":{"threshold":0.9,"line_hashes":["156116824414680118006289738435650502989","265248749638125272969168515171890013173","94017914489547623420267973926210410308","294065584018814834881985832689790911201","259603876989303292966814574568976878354","250740815142459459774429341288968429735","61540251016951729481153123236959660854","332910650073684633949543218897942505947","28934009645563794271941820383896143330","159694140957995385611774010159640491171","22651108462682289063710236293010268528","118910328637747976592803847376762892159","293750687085664641466973411762775030494","262208891725719352093391250660994056626","250447231901126340735943568254935808660","4855364658018910932431227836046773964"]},"source":"https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1","signature_version":"v1","deprecated":false,"signature_type":"Line","id":"CVE-2018-20182-b16d1592","target":{"file":"cssp.c"}},{"digest":{"function_hash":"129681526369166403320636349675032399985","length":730},"source":"https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2018-20182-bb702323","target":{"file":"rdp.c","function":"process_demand_active"}},{"digest":{"threshold":0.9,"line_hashes":["141512132228073104068672788816618272341","91087555674205596958287212170508793355","326433841834773331940380053109117915531","147132481235048515567024425659754556954","199499174233176236388692649706953602762","185582052051681183193656345265098554776","80847747608846774597581332597666275158","103111526061914848381669524308515733806","141512132228073104068672788816618272341","91087555674205596958287212170508793355","322426163342856549068875320810349446042","98327684003301995825263340173934415746","199499174233176236388692649706953602762","185582052051681183193656345265098554776","312563329613364071974613834041524840273","17593147765508383730231192463354471040"]},"source":"https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1","signature_version":"v1","deprecated":false,"signature_type":"Line","id":"CVE-2018-20182-be8c8d74","target":{"file":"bitmap.c"}},{"digest":{"function_hash":"69841999535023704464934288151760248940","length":662},"source":"https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2018-20182-c7e16d8b","target":{"file":"mcs.c","function":"mcs_recv_connect_response"}},{"digest":{"function_hash":"60729789324186224199022644288127852833","length":295},"source":"https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2018-20182-cd0ada68","target":{"file":"lspci.c","function":"lspci_process"}},{"digest":{"function_hash":"213566815768839182374169039542717583900","length":1002},"source":"https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2018-20182-d1cff85c","target":{"file":"rdp.c","function":"rdp_in_unistr"}},{"digest":{"function_hash":"27641323796780274765203968791379803633","length":4862},"source":"https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2018-20182-dc7c4588","target":{"file":"seamless.c","function":"seamless_process_line"}},{"digest":{"threshold":0.9,"line_hashes":["130674942740753293644659169162150322223","142944318523375496584386215758439837393","276793857083192363638002357599772639607","240026787908099125740546560664565560748","14376684503090415495335326060979255212","204518746798243653520817680122410066028","170684181064268305755785303525263155796"]},"source":"https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1","signature_version":"v1","deprecated":false,"signature_type":"Line","id":"CVE-2018-20182-e9652bb7","target":{"file":"orders.c"}},{"digest":{"function_hash":"336115944316993744978160550365152981657","length":1141},"source":"https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2018-20182-f5312252","target":{"file":"rdpdr.c","function":"rdpdr_process"}},{"digest":{"threshold":0.9,"line_hashes":["125437503200259741832066349442065238011","286391498505942949668653145377899211570","80704440997217175523025054490285547856","183407549329509366277656709979215549899","313570441642011655266599607264263025672","75322162521339795125236999874513079246","189081423849152620846829733980186685258","268514325143679100817171637334267644927"]},"source":"https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1","signature_version":"v1","deprecated":false,"signature_type":"Line","id":"CVE-2018-20182-f7b44f5f","target":{"file":"seamless.c"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}