CVE-2018-8786

Опубликовано: 29 нояб. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.

Ссылки

http://www.securityfocus.com/bid/106938
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2019:0697
Third Party Advisory
https://github.com/FreeRDP/FreeRDP/commit/445a5a42c500ceb80f8fa7f2c11f3682538033f3
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YVJKO2DR5EY4C4QZOP7SNNBEW2JW6FHX/
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
Exploit
Third Party Advisory
https://usn.ubuntu.com/3845-1/
Third Party Advisory
https://usn.ubuntu.com/3845-2/
Third Party Advisory
http://www.securityfocus.com/bid/106938
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2019:0697
Third Party Advisory
https://github.com/FreeRDP/FreeRDP/commit/445a5a42c500ceb80f8fa7f2c11f3682538033f3
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YVJKO2DR5EY4C4QZOP7SNNBEW2JW6FHX/
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
Exploit
Third Party Advisory
https://usn.ubuntu.com/3845-1/
Third Party Advisory
https://usn.ubuntu.com/3845-2/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*

Версия до 1.2.0 (включая)

cpe:2.3:a:freerdp:freerdp:2.0.0:rc1:*:*:*:*:*:*

cpe:2.3:a:freerdp:freerdp:2.0.0:rc2:*:*:*:*:*:*

cpe:2.3:a:freerdp:freerdp:2.0.0:rc3:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Конфигурация 4

cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.17754

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-680

CWE-681

Связанные уязвимости

CVE-2018-8786

CVSS3: 9.8

ubuntu

около 7 лет назад

CVE-2018-8786

CVSS3: 8.1

redhat

больше 7 лет назад

CVE-2018-8786

CVSS3: 9.8

debian

около 7 лет назад

FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that ...

GHSA-2pjf-gmmm-fv82

CVSS3: 9.8

github

больше 3 лет назад

BDU:2019-03473

CVSS3: 9.8

fstec

около 7 лет назад

Уязвимость функции update_read_bitmap_update () RDP-клиента FreeRDP, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

EPSS

Процентиль: 95%

0.17754

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-680

CWE-681