Name | CVE-2025-5024 |
Description | A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also result in gnome-remote-desktop no longer being able to open files even after it is restarted via systemd. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Debian Bugs | 1106527 |
Vulnerable and fixed packages
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|
gnome-remote-desktop (PTS) | bullseye | 0.1.9-5 | vulnerable |
| bookworm | 43.3-1 | vulnerable |
| forky, trixie | 48.1-4 | vulnerable |
| sid | 48.2-1 | vulnerable |
The information below is based on the following data on fixed versions.
Notes
[trixie] - gnome-remote-desktop <no-dsa> (Minor issue)
[bookworm] - gnome-remote-desktop <no-dsa> (Minor issue)
[bullseye] - gnome-remote-desktop <postponed> (Minor issue)
https://bugzilla.redhat.com/show_bug.cgi?id=2367717
Fixed by https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/merge_requests/321