CVE-2018-8788
Severity CVSS v4.0:
Pending analysis
Type:
CWE-787
Out-of-bounds Write
Publication date:
29/11/2018
Last modified:
03/06/2019
Description
FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:* | 1.2.0 (including) | |
| cpe:2.3:a:freerdp:freerdp:2.0.0:rc1:*:*:*:*:*:* | ||
| cpe:2.3:a:freerdp:freerdp:2.0.0:rc2:*:*:*:*:*:* | ||
| cpe:2.3:a:freerdp:freerdp:2.0.0:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.securityfocus.com/bid/106938
- https://access.redhat.com/errata/RHSA-2019:0697
- https://github.com/FreeRDP/FreeRDP/commit/d1112c279bd1a327e8e4d0b5f371458bf2579659
- https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html
- https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
- https://usn.ubuntu.com/3845-1/
- https://usn.ubuntu.com/3845-2/