CVSS: 9.8EPSS: 10%CPEs: 9EXPL: 1CVE-2018-8788 – freerdp: Out-of-bounds write in nsc_rle_decode() function
https://notcve.org/view.php?id=CVE-2018-8788
FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution. FreeRDP en versiones anteriores a la 2.0.0-rc4 contiene una escritura fuera de límites de hasta 4 bytes en la función nsc_rle_decode() que resulta en una corrupción de memoria y, probablemente, incluso en la ejecución remota de código. A flaw was found in freerdp in versions before 2.0.0-rc4. An out-of-bounds write of up to 4 bytes in the nsc_rle_decode() function results in a memory corruption. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://www.securityfocus.com/bid/106938 https://access.redhat.com/errata/RHSA-2019:0697 https://github.com/FreeRDP/FreeRDP/commit/d1112c279bd1a327e8e4d0b5f371458bf2579659 https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients https://usn.ubuntu.com/3845-1 https://usn.ubuntu.com/3845-2 https://access.redhat.com/security/cve/CVE-2018-8788 https://bugzilla.redhat.com/show_bug.cgi?id=1671363 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-4119
https://notcve.org/view.php?id=CVE-2013-4119
FreeRDP before 1.1.0-beta+2013071101 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by disconnecting before authentication has finished. FreeRDP en versiones anteriores a 1.1.0-beta+2013071101 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) desconectando antes de que la autenticación haya finalizado. • http://www.openwall.com/lists/oss-security/2013/07/11/12 http://www.openwall.com/lists/oss-security/2013/07/12/2 http://www.securityfocus.com/bid/61072 https://github.com/FreeRDP/FreeRDP/commit/0773bb9303d24473fe1185d85a424dfe159aff53 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2013-4118
https://notcve.org/view.php?id=CVE-2013-4118
FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. FreeRDP en versiones anteriores a 1.1.0-beta1 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) a través de vectores no especificados. • http://lists.opensuse.org/opensuse-updates/2016-09/msg00101.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00102.html http://www.openwall.com/lists/oss-security/2013/07/11/12 http://www.openwall.com/lists/oss-security/2013/07/12/2 http://www.securityfocus.com/bid/61072 https://github.com/FreeRDP/FreeRDP/commit/7d58aac24fe20ffaad7bd9b40c9ddf457c1b06e7 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2014-0250
https://notcve.org/view.php?id=CVE-2014-0250
Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress function, which causes an incorrect amount of memory to be allocated. Múltiples desbordamientos de enteros en client/x11/xf_graphics.c en FreeRDP permite a atacantes remotos tener un impacto no especificado a través de la anchura y la altura de la función (1) xf_Pointer_New o (2) xf_Bitmap_Decompress, lo que provoca que se intenten asignar cantidades incorrectas de memoria. • http://advisories.mageia.org/MGASA-2014-0287.html http://lists.opensuse.org/opensuse-updates/2014-07/msg00008.html http://seclists.org/oss-sec/2014/q2/365 http://security.gentoo.org/glsa/glsa-201412-18.xml http://www.mandriva.com/security/advisories?name=MDVSA-2015:171 http://www.securityfocus.com/bid/67670 https://bugzilla.redhat.com/show_bug.cgi?id=998934 https://github.com/FreeRDP/FreeRDP/issues/1871 https://github.com/FreeRDP/FreeRDP/pull/1874 • CWE-189: Numeric Errors •
CVSS: 6.8EPSS: 1%CPEs: 3EXPL: 0CVE-2014-0791
https://notcve.org/view.php?id=CVE-2014-0791
Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Server License Request packet. Desbordamiento de entero en la función license_read_scope_list en libfreerdp/core/license.c FreeRDP hasta la versión 1.0.2 permite a servidores RDP remotos causar denegación de servicio (caída de la aplicación) o posiblemente tener otro impacto no especificado a través de un valor ScopeCount grande en un paquete Server License Request. • http://advisories.mageia.org/MGASA-2014-0287.html http://lists.opensuse.org/opensuse-updates/2014-07/msg00008.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00101.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00102.html http://openwall.com/lists/oss-security/2014/01/02/5 http://openwall.com/lists/oss-security/2014/01/03/4 http://www.mandriva.com/security/advisories?name=MDVSA-2015:171 https://bugzilla.redhat.com/show_bug.cgi?id=998941 https://g • CWE-189: Numeric Errors •