Security

Report a vulnerability

SECURITY.md

Security Policy

Reporting a Vulnerability

Please DO NOT report any security issues to public GitHub issue.

If you find a security vulnerability please kindly inform us via Report Form so that we can fix the security problem to protect a lot of users around the world as soon as possible.

If you have anything else you want to report privately to developers, send us an email to the following email address. This is a private mailing list not open for public viewing.

xrdp-core@googlegroups.com

Unchecked access to font glyph info
GHSA-2hjx-rm4f-r9hw published Sep 27, 2023 by metalefty

Moderate
Improper handling of session establishment errors allows bypassing OS-level session restrictions
GHSA-f489-557v-47jq published Aug 30, 2023 by metalefty

Low
Out of Bound Write in xrdp_mm_trans_process_drdynvc_channel_open
GHSA-2f49-wwpm-78pj published Dec 9, 2022 by metalefty

Critical
Out-of-Bound Read in xrdp_sec_process_mcs_data_CS_CORE
GHSA-56pq-2pm9-7fhm published Dec 9, 2022 by metalefty

Low
Out of Bound Read in xrdp_mm_trans_process_drdynvc_channel_close
GHSA-59wp-3wq6-jh5v published Dec 9, 2022 by metalefty

Critical
Out-of-Bound Read in xrdp_caps_process_confirm_active
GHSA-hm75-9jcg-p7hq published Dec 9, 2022 by metalefty

Low
Out-of-Bound Read in libxrdp_send_to_channel
GHSA-38rw-9ch2-fcxq published Dec 9, 2022 by metalefty

High
Integer Overflow in xrdp_mm_process_rail_update_window_text
GHSA-rqfx-5fv8-q9c6 published Dec 9, 2022 by metalefty

High
Buffer Overflow occurs in xrdp_mm_chan_data_in
GHSA-pgx2-3fjj-fqqh published Dec 9, 2022 by metalefty

Critical
Buffer Overflow in devredir_proc_client_devlist_announce_req
GHSA-3jmx-f6hv-95wg published Dec 9, 2022 by metalefty

Critical

Learn more about advisories related to neutrinolabs/xrdp in the GitHub Advisory Database