CVE-2018-8788

Опубликовано: 29 нояб. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution.

Ссылки

http://www.securityfocus.com/bid/106938
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2019:0697
https://github.com/FreeRDP/FreeRDP/commit/d1112c279bd1a327e8e4d0b5f371458bf2579659
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html
Mailing List
Third Party Advisory
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
Exploit
Third Party Advisory
https://usn.ubuntu.com/3845-1/
Third Party Advisory
https://usn.ubuntu.com/3845-2/
http://www.securityfocus.com/bid/106938
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2019:0697
https://github.com/FreeRDP/FreeRDP/commit/d1112c279bd1a327e8e4d0b5f371458bf2579659
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html
Mailing List
Third Party Advisory
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
Exploit
Third Party Advisory
https://usn.ubuntu.com/3845-1/
Third Party Advisory
https://usn.ubuntu.com/3845-2/

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*

Версия до 1.2.0 (включая)

cpe:2.3:a:freerdp:freerdp:2.0.0:rc1:*:*:*:*:*:*

cpe:2.3:a:freerdp:freerdp:2.0.0:rc2:*:*:*:*:*:*

cpe:2.3:a:freerdp:freerdp:2.0.0:rc3:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.07228

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2018-8788

CVSS3: 9.8

ubuntu

около 7 лет назад

FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution.

CVE-2018-8788

CVSS3: 8.8

redhat

больше 7 лет назад

FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution.

CVE-2018-8788

CVSS3: 9.8

debian

около 7 лет назад

FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of ...

GHSA-j2cm-xc9q-86w4

CVSS3: 9.8

github

больше 3 лет назад

FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution.

BDU:2019-03475

CVSS3: 9.8

fstec

около 7 лет назад

Уязвимость функции nsc_rle_decode() RDP-клиента FreeRDP, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

EPSS

Процентиль: 91%

0.07228

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-787