CVE-2018-8786 – freerdp: Integer truncation leading to heap-based buffer overflow in update_read_bitmap_update() function
https://notcve.org/view.php?id=CVE-2018-8786
FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution. FreeRDP en versiones anteriores a la 2.0.0-rc4 contiene un truncamiento de enteros que conduce a un desbordamiento de búfer basado en memoria dinámica (heap) en la función zgfx_decompress() y que resulta en una corrupción de memoria y, probablemente, incluso en la ejecución remota de código. A flaw was found in freerdp in versions prior to version 2.0.0-rc4. An integer truncation that leads to a heap-based buffer overflow in the update_read_bitmap_update() function results in a memory corruption. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://www.securityfocus.com/bid/106938 https://access.redhat.com/errata/RHSA-2019:0697 https://github.com/FreeRDP/FreeRDP/commit/445a5a42c500ceb80f8fa7f2c11f3682538033f3 https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YVJKO2DR5EY4C4QZOP7SNNBEW2JW6FHX https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients https://usn.ubuntu.com/3845-1 https://usn.ubuntu.com/3845-2 https:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-680: Integer Overflow to Buffer Overflow CWE-681: Incorrect Conversion between Numeric Types CWE-787: Out-of-bounds Write •
CVE-2018-8787 – freerdp: Integer overflow leading to heap-based buffer overflow in gdi_Bitmap_Decompress() function
https://notcve.org/view.php?id=CVE-2018-8787
FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution. FreeRDP en versiones anteriores a la 2.0.0-rc4 contiene un desbordamiento de enteros que conduce a un desbordamiento de búfer basado en memoria dinámica (heap) en la función gdi_Bitmap_Decompress() y que resulta en una corrupción de memoria y, probablemente, incluso en la ejecución remota de código. A flaw was found in freerdp in versions before versions 2.0.0-rc4. An integer overflow that leads to a heap-based buffer overflow in the gdi_Bitmap_Decompress() function leads to memory corruption. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://www.securityfocus.com/bid/106938 https://access.redhat.com/errata/RHSA-2019:0697 https://github.com/FreeRDP/FreeRDP/commit/09b9d4f1994a674c4ec85b4947aa656eda1aed8a https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients https://usn.ubuntu.com/3845-1 https://usn.ubuntu.com/3845-2 https://access.redhat.com/security/cve/CVE-2018-8787 https://bugzilla.redhat.com/show_bug.cgi?id=1671361 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2018-8788 – freerdp: Out-of-bounds write in nsc_rle_decode() function
https://notcve.org/view.php?id=CVE-2018-8788
FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution. FreeRDP en versiones anteriores a la 2.0.0-rc4 contiene una escritura fuera de límites de hasta 4 bytes en la función nsc_rle_decode() que resulta en una corrupción de memoria y, probablemente, incluso en la ejecución remota de código. A flaw was found in freerdp in versions before 2.0.0-rc4. An out-of-bounds write of up to 4 bytes in the nsc_rle_decode() function results in a memory corruption. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://www.securityfocus.com/bid/106938 https://access.redhat.com/errata/RHSA-2019:0697 https://github.com/FreeRDP/FreeRDP/commit/d1112c279bd1a327e8e4d0b5f371458bf2579659 https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients https://usn.ubuntu.com/3845-1 https://usn.ubuntu.com/3845-2 https://access.redhat.com/security/cve/CVE-2018-8788 https://bugzilla.redhat.com/show_bug.cgi?id=1671363 • CWE-787: Out-of-bounds Write •
CVE-2013-4119
https://notcve.org/view.php?id=CVE-2013-4119
FreeRDP before 1.1.0-beta+2013071101 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by disconnecting before authentication has finished. FreeRDP en versiones anteriores a 1.1.0-beta+2013071101 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) desconectando antes de que la autenticación haya finalizado. • http://www.openwall.com/lists/oss-security/2013/07/11/12 http://www.openwall.com/lists/oss-security/2013/07/12/2 http://www.securityfocus.com/bid/61072 https://github.com/FreeRDP/FreeRDP/commit/0773bb9303d24473fe1185d85a424dfe159aff53 • CWE-476: NULL Pointer Dereference •
CVE-2013-4118
https://notcve.org/view.php?id=CVE-2013-4118
FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. FreeRDP en versiones anteriores a 1.1.0-beta1 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) a través de vectores no especificados. • http://lists.opensuse.org/opensuse-updates/2016-09/msg00101.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00102.html http://www.openwall.com/lists/oss-security/2013/07/11/12 http://www.openwall.com/lists/oss-security/2013/07/12/2 http://www.securityfocus.com/bid/61072 https://github.com/FreeRDP/FreeRDP/commit/7d58aac24fe20ffaad7bd9b40c9ddf457c1b06e7 • CWE-476: NULL Pointer Dereference •