9.8

CVE-2018-8788

Exploit
FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FreerdpFreerdp Version <= 1.2.0
FreerdpFreerdp Version2.0.0 Updaterc1
FreerdpFreerdp Version2.0.0 Updaterc2
FreerdpFreerdp Version2.0.0 Updaterc3
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version18.10
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.4% 0.936
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://www.securityfocus.com/bid/106938
Third Party Advisory
VDB Entry
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
Third Party Advisory
Exploit
https://usn.ubuntu.com/3845-1/
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0697
https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html
Third Party Advisory
Mailing List
https://usn.ubuntu.com/3845-2/
https://github.com/FreeRDP/FreeRDP/commit/d1112c279bd1a327e8e4d0b5f371458bf2579659
Patch
Vendor Advisory