vulnerability
Alpine Linux: CVE-2023-40184: Improper Handling of Exceptional Conditions
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:N/AC:H/Au:S/C:N/I:N/A:P) | Aug 30, 2023 | Aug 22, 2024 | Dec 22, 2025 |
Severity
2
CVSS
(AV:N/AC:H/Au:S/C:N/I:N/A:P)
Published
Aug 30, 2023
Added
Aug 22, 2024
Modified
Dec 22, 2025
Description
xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return non-zero (1) value on, e.g., PAM error which may result in in session restrictions such as max concurrent sessions per user by PAM (ex ./etc/security/limits.conf) to be bypassed. Users (administrators) don't use restrictions by PAM are not affected. This issue has been addressed in release version 0.9.23. Users are advised to upgrade. There are no known workarounds for this issue.
Solution
alpine-linux-upgrade-xrdp
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.