xrdp Out-of-Bounds Read Vulnerability in RDP Message Parsing Pre-Authentication

Vulnerability

A denial-of-service vulnerability has been identified in xrdp versions prior to 0.10.6. The issue is an out-of-bounds read in the pre-authentication RDP message parsing, reachable by remote, unauthenticated attackers. It is caused by inadequate validation of input buffer lengths before dynamic channel data is handled: the parser does not confirm that the receive buffer actually holds the bytes it is about to read. Because the flaw is reachable before any authentication, any client that can connect to the xrdp listener (TCP port 3389 by default) can trigger it.
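The pattern behind this class of bug, as an added example that is not xrdp's code: a length-prefixed channel PDU is parsed once without checking how many bytes remain in the receive buffer, and once with the check in place. The stream layout (data, cursor, end), the PDU format and the S_CHECK_REM stand-in are simplifications assumed for the example; the packet bytes are constructed, and the bytes after the logical end of the PDU stand in for adjacent process memory.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Minimal input stream: a cursor p between data and the logical end.
 * Modelled loosely on the struct-stream style used by RDP servers; this
 * is example code, not xrdp's implementation. */
struct stream {
    const uint8_t *data;
    const uint8_t *p;
    const uint8_t *end;
};

/* Bytes still available between the cursor and the logical end. */
static size_t s_rem(const struct stream *s) { return (size_t)(s->end - s->p); }

/* Stand-in for a "remaining bytes" check; the real project's macro is assumed
 * to behave the same way but is not reproduced here. */
#define S_CHECK_REM(s, n) (s_rem(s) >= (size_t)(n))

/* Read a little-endian 16-bit value and advance the cursor (no check). */
static uint16_t in_uint16_le(struct stream *s) {
    uint16_t v = (uint16_t)(s->p[0] | (s->p[1] << 8));
    s->p += 2;
    return v;
}

/* Hypothetical channel PDU: [u16 channel_id][u16 payload_len][payload...] */
struct chan_pdu {
    uint16_t channel_id;
    uint16_t payload_len;
    const uint8_t *payload;
};

/* Vulnerable form: trusts payload_len from the wire and never compares it
 * with the bytes actually present, so the payload view can extend past end. */
int parse_chan_pdu_unchecked(struct stream *s, struct chan_pdu *out) {
    out->channel_id = in_uint16_le(s);
    out->payload_len = in_uint16_le(s);
    out->payload = s->p;
    s->p += out->payload_len;          /* may run past s->end */
    return 0;
}

/* Hardened form: verify remaining bytes before the header and again before
 * consuming the attacker-controlled payload length. */
int parse_chan_pdu_checked(struct stream *s, struct chan_pdu *out) {
    if (!S_CHECK_REM(s, 4)) return -1;
    out->channel_id = in_uint16_le(s);
    out->payload_len = in_uint16_le(s);
    if (!S_CHECK_REM(s, out->payload_len)) return -1;
    out->payload = s->p;
    s->p += out->payload_len;
    return 0;
}

/* Constructed malicious packet: a 6-byte PDU whose header claims an 8-byte
 * payload but carries only 2 bytes. The 0xAA bytes after it model adjacent
 * memory that must stay unreadable. Keeping them in the same array keeps the
 * demonstration within defined behaviour. */
static const uint8_t g_backing[16] = {
    0x03, 0x00,                         /* channel_id = 3 */
    0x08, 0x00,                         /* payload_len = 8 (lie) */
    0x41, 0x42,                         /* the only real payload bytes */
    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA
};
#define PDU_LEN 6

/* Constructed well-formed packet: header plus exactly 2 payload bytes. */
static const uint8_t g_good[6] = { 0x03, 0x00, 0x02, 0x00, 0x41, 0x42 };

/* How many bytes beyond the logical end the unchecked parser treated as
 * payload; non-zero means an out-of-bounds read. */
long unchecked_overread(void) {
    struct stream s = { g_backing, g_backing, g_backing + PDU_LEN };
    struct chan_pdu pdu;
    parse_chan_pdu_unchecked(&s, &pdu);
    return (long)(s.p - s.end);
}

/* The checked parser's verdict on the malicious packet (-1 = rejected). */
int checked_result_bad(void) {
    struct stream s = { g_backing, g_backing, g_backing + PDU_LEN };
    struct chan_pdu pdu;
    return parse_chan_pdu_checked(&s, &pdu);
}

/* The checked parser's verdict on the well-formed packet (0 = accepted). */
int checked_result_good(void) {
    struct stream s = { g_good, g_good, g_good + sizeof g_good };
    struct chan_pdu pdu;
    if (parse_chan_pdu_checked(&s, &pdu) != 0) return -1;
    return (pdu.channel_id == 3 && pdu.payload_len == 2) ? 0 : -1;
}

int main(void) {
    printf("unchecked parser read %ld bytes past end\n", unchecked_overread());
    printf("checked parser on malicious packet: %d\n", checked_result_bad());
    printf("checked parser on good packet: %d\n", checked_result_good());
    return 0;
}
```

The important detail is the second check: validating the fixed header is not enough, because the length that decides how far the parser advances is itself attacker-controlled and must be compared with the bytes remaining before it is used.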

Impact

Exploitation of this vulnerability can cause a process crash, leading to a denial-of-service condition, or allow the unauthorized disclosure of sensitive information from the service's memory.

Remediation

Upgrade to xrdp 0.10.6 or later, which addresses this vulnerability. Until the upgrade is applied, restrict network access to the xrdp listener (TCP port 3389 by default) to trusted hosts, since the flaw is reachable without credentials.

Added: Apr 17, 2026, 9:48 PM
Updated: Apr 17, 2026, 9:48 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 5.0
exploitability: 7.8
remediation: 7.7
relevance: 6.1
threat: 0.0
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.