CVE-2018-8784 — Classic Buffer Overflow in Freerdp

CWE-120 — Classic Buffer Overflow CWE-787 — Out-of-bounds Write CWE-122 — Heap-based Buffer Overflow11 documents8 sources

Severity

9.8CRITICALNVD

EPSS

13.0%

top 5.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freerdp Check Point Software Technologies LTD Freerdp Canonical Ubuntu Linux

Timeline

PublishedNov 29

Latest updateMay 13

Description

FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶Ubuntufreerdp/freerdp< 1.0.2-2ubuntu1.2+2

▶NVDfreerdp/freerdp1.2.0+1

▶CVEListV5check_point_software_technologies_ltd/freerdpAll versions prior to 2.0.0-rc4

Also affects: Ubuntu Linux 18.04, 18.10

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-9392-mf3x-x7wh: FreeRDP prior to version 2↗2022-05-13

▶

OSV

freerdp vulnerabilities↗2019-05-28

▶

OSV

freerdp, freerdp2 vulnerabilities↗2018-12-12

▶

OSV

CVE-2018-8784: FreeRDP prior to version 2↗2018-11-29

▶

CVEList

CVE-2018-8784: FreeRDP prior to version 2↗2018-11-29

▶

📋Vendor Advisories

Ubuntu

FreeRDP vulnerabilities↗2018-12-12

▶

Red Hat

freerdp: Heap-based buffer overflow in zgfx_decompress_segment() function↗2018-10-22

▶

Debian

CVE-2018-8784: freerdp2 - FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in func...↗2018

▶

💬Community

Bugzilla

CVE-2018-8784 freerdp: Heap-based buffer overflow in zgfx_decompress_segment() function↗2019-01-31

▶

Bugzilla

CVE-2018-8784 CVE-2018-8785 CVE-2018-8786 CVE-2018-8787 CVE-2018-8788 CVE-2018-8789 freerdp: various flaws [epel-6]↗2019-01-31

▶