Cyber Resilience

CVE-2023-42822

Medium

Published: 27 September 2023

Modified: 03 November 2025
KEV Added: not listed
Patch: fixed in xrdp 0.9.23.1 (see vulnerability details)
CVSS v3.1 base score: 4.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)
EPSS score: 0.0031 (54.5th percentile)
Risk Priority: 9 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2023-42822 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in the xrdp remote desktop protocol server (neutrinolabs xrdp), tracked here against the Fedora 37 and 38 packages that ship it. Its CVSS v3.1 base score is 4.6 (Medium).

Operationally, its EPSS score places it in the top 45.5% of CVEs by exploit likelihood (54.5th percentile); it is not currently listed in the CISA KEV catalog.

Vulnerability details

xrdp is an open source remote desktop protocol server. Access to the font glyphs in xrdp_painter.c is not bounds-checked. Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within a potentially privileged process: on non-Debian platforms, xrdp tends to run as root. Potentially an out-of-bounds write can follow the out-of-bounds read. There is no denial-of-service impact, provided xrdp is running in forking mode. This issue has been addressed in release 0.9.23.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
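To make the CWE-125 pattern in the advisory concrete, the following C program is an added illustration written for this page; it is not xrdp's code and does not reproduce xrdp_painter.c, the RDP wire format, or xrdp's real glyph structures. It models a glyph table of an assumed size (FONT_GLYPHS, GLYPH_BYTES are invented constants) followed by unrelated memory, parses a glyph index from a constructed client packet, and shows an unchecked lookup returning bytes from past the table next to a checked lookup that rejects the same index.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration of the CWE-125 pattern described in the advisory.
 * Not xrdp's code: sizes, layout and packet format are assumptions. */

#define FONT_GLYPHS 4     /* assumed number of glyphs in the table */
#define GLYPH_BYTES 8     /* assumed bytes per glyph bitmap */

/* Model of process memory: the glyph table, then unrelated data that happens
 * to follow it. A read one glyph past the table lands in `after_table`. */
struct arena {
    uint8_t glyphs[FONT_GLYPHS][GLYPH_BYTES];
    uint8_t after_table[GLYPH_BYTES];
};

/* Fill glyph i with byte value i+1 and the trailing region with 0xEE so the
 * source of any returned bytes is recognisable. */
static void arena_init(struct arena *a) {
    for (int i = 0; i < FONT_GLYPHS; i++)
        memset(a->glyphs[i], i + 1, GLYPH_BYTES);
    memset(a->after_table, 0xEE, GLYPH_BYTES);
}

/* Glyph index as it would arrive from the client: a 16-bit little-endian
 * field in a constructed packet. Nothing validates it here. */
static unsigned client_glyph_index(const uint8_t *pkt) {
    return (unsigned)pkt[0] | ((unsigned)pkt[1] << 8);
}

/* Vulnerable pattern: the client index is used as an offset with no bounds
 * check. Byte-pointer arithmetic keeps this inside `struct arena` for
 * idx <= FONT_GLYPHS so the demo can show the over-read without crashing;
 * in a real process the same code reads whatever lies past the table. */
static void read_glyph_unchecked(const struct arena *a, unsigned idx,
                                 uint8_t out[GLYPH_BYTES]) {
    const uint8_t *base = (const uint8_t *)a;
    memcpy(out, base + (size_t)idx * GLYPH_BYTES, GLYPH_BYTES);
}

/* Hardened form: reject any index outside the table before touching memory.
 * Returns 0 on success, -1 if the index is out of range. */
static int read_glyph_checked(const struct arena *a, unsigned idx,
                              uint8_t out[GLYPH_BYTES]) {
    if (idx >= FONT_GLYPHS)
        return -1;
    memcpy(out, a->glyphs[idx], GLYPH_BYTES);
    return 0;
}

/* 1 if the unchecked read of `idx` returned bytes from outside the glyph
 * table (i.e. the contents of `after_table`), 0 otherwise. Only call with
 * idx <= FONT_GLYPHS: anything larger leaves the arena entirely. */
static int unchecked_read_leaks(unsigned idx) {
    struct arena a;
    uint8_t out[GLYPH_BYTES];
    arena_init(&a);
    read_glyph_unchecked(&a, idx, out);
    return memcmp(out, a.after_table, GLYPH_BYTES) == 0;
}

/* Result of the hardened lookup for `idx`: 0 accepted, -1 rejected. */
static int checked_read_result(unsigned idx) {
    struct arena a;
    uint8_t out[GLYPH_BYTES];
    arena_init(&a);
    return read_glyph_checked(&a, idx, out);
}

int main(void) {
    /* Constructed client packet carrying glyph index 4: one past the last
     * valid glyph (index 3). */
    const uint8_t pkt[2] = { 0x04, 0x00 };
    unsigned idx = client_glyph_index(pkt);
    printf("client index %u: unchecked read leaks=%d, checked result=%d\n",
           idx, unchecked_read_leaks(idx), checked_read_result(idx));
    return 0;
}
```

The unchecked read stays inside the arena only because the demo limits the index to one past the table; with an arbitrary 16-bit index the same code reads far beyond the allocation, and on a host where xrdp runs as root those are bytes of a privileged process. If the bytes fetched by the lookup later drive a write (a glyph width or offset, for instance), the over-read becomes the out-of-bounds write the advisory says may follow. The fix is the single comparison in read_glyph_checked, performed before any memory access.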

CWE(s)

CWE-125: Out-of-bounds Read

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

neutrinolabs xrdp: versions before 0.9.23.1 (fixed in 0.9.23.1)
fedoraproject fedora: 37, 38

Mitigating Controls

No mitigating controls mapped yet; this site's per-CVE control annotator has not reached this CVE. The vendor advisory above lists no workarounds, so the only remediation is upgrading xrdp to 0.9.23.1 or later. Running xrdp as an unprivileged user, as Debian's packaging does, limits what an over-read in the process can expose but does not remove the bug.
