
Cloud Vulnerability DB
A community-led vulnerabilities database
xrdp is an open source remote desktop protocol (RDP) server. CVE-2023-42822 affects xrdp versions prior to 0.9.23.1 and was disclosed on September 27, 2023. The flaw lies in the font glyph handling in xrdp_painter.c, where access to font glyphs is not bounds-checked (GitHub Advisory).
Because some of the glyph data is controllable by the connecting user, an out-of-range glyph reference results in an out-of-bounds read within the xrdp executable. The two published severity ratings differ in their assumptions: NVD assigns a CVSS v3.1 base score of 6.5 (MEDIUM) with vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, treating the read as a high-confidentiality-impact issue needing no user interaction, while GitHub rates it 4.6 (MEDIUM) with vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N. Both agree the attacker must already hold low-privilege access, i.e. a valid RDP login (NVD).
The out-of-bounds read occurs within a potentially privileged process: on non-Debian-based platforms xrdp is often run as root, which widens what the leaked memory may contain. The advisory also notes that an out-of-bounds write could follow the out-of-bounds read. There is no denial-of-service impact when xrdp is running in forking mode (GitHub Advisory).
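To make the pattern concrete, the following is an added illustration written for this page; it is not xrdp's code and does not reproduce the xrdp_painter.c logic. It uses a hypothetical fixed-size glyph cache, a constructed sample glyph, and invented function names (lookup_glyph_unchecked, lookup_glyph_checked, draw_glyph_request) to contrast an index taken straight from the wire with one that is range- and population-checked before use:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative glyph cache, not xrdp's real data structure. */
#define GLYPH_CACHE_SIZE 256

struct glyph {
    int width;
    int height;
    const uint8_t *bitmap;   /* NULL for slots the client never filled */
};

/* Constructed sample: one populated 8x6 glyph in slot 0, all other slots empty. */
static const uint8_t glyph_a_bits[6] = {0x18, 0x24, 0x42, 0x7e, 0x42, 0x42};
static struct glyph glyph_cache[GLYPH_CACHE_SIZE] = {
    [0] = {8, 6, glyph_a_bits},
};

/* Vulnerable pattern: the cache index comes straight from the client and
   is used as an array subscript. Any idx outside 0..GLYPH_CACHE_SIZE-1
   reads memory past the array (undefined behaviour). Kept here only for
   comparison; nothing below calls it. */
const struct glyph *lookup_glyph_unchecked(int idx)
{
    return &glyph_cache[idx];
}

/* Hardened form: reject indices outside the table and slots that were
   never populated, so the caller only ever dereferences valid entries. */
const struct glyph *lookup_glyph_checked(int idx)
{
    if (idx < 0 || idx >= GLYPH_CACHE_SIZE)
        return NULL;
    if (glyph_cache[idx].bitmap == NULL)
        return NULL;
    return &glyph_cache[idx];
}

/* Handle a constructed "draw glyph" request carrying a client-chosen index.
   Returns the glyph width on success and -1 when the request is rejected. */
int draw_glyph_request(int wire_index)
{
    const struct glyph *g = lookup_glyph_checked(wire_index);
    if (g == NULL) {
        fprintf(stderr, "rejected glyph index %d\n", wire_index);
        return -1;
    }
    /* Rendering would walk g->height rows of g->bitmap here. */
    return g->width;
}

int main(void)
{
    /* Probe a valid slot, an empty slot, and three out-of-range indices. */
    int probes[] = {0, 1, -1, GLYPH_CACHE_SIZE, 0x7fffffff};
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("index %d -> %d\n", probes[i], draw_glyph_request(probes[i]));
    return 0;
}
```

The check on the bitmap pointer matters as much as the range check: in a cache that the client fills incrementally, an in-range but never-populated slot is still attacker-controlled state, and dereferencing it is the same class of bug the range check is meant to stop.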
The vulnerability is fixed in xrdp version 0.9.23.1, and users should upgrade to that version or later. No workarounds are known, so upgrading is the only effective mitigation (Fedora Update).
Source: This report was generated using AI