CVE-2017-2836
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An exploitable denial of service vulnerability exists within the reading of proprietary server certificates in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability.
Existe una vulnerabilidad explotable de denegaciĆ³n de servicio (DoS) en la lectura de certificados propietarios del servidor en FreeRDP 2.0.0-beta1+android11. Un paquete challenge especialmente manipulado puede provocar que el programa se cierre, conduciendo a una denegaciĆ³n de servicio (DoS). Un atacante puede comprometer el servidor o utilizar un ataque Man-in-the-Middle (MitM) para desencadenar esta vulnerabilidad.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-12-01 CVE Reserved
- 2017-08-01 CVE Published
- 2023-09-15 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-295: Improper Certificate Validation
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/99942 | Broken Link | |
| https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0338 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.debian.org/security/2017/dsa-3923 | 2022-06-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Freerdp Search vendor "Freerdp" | Freerdp Search vendor "Freerdp" for product "Freerdp" | 2.0.0 Search vendor "Freerdp" for product "Freerdp" and version "2.0.0" | beta1 |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||