CVE-2018-8785Classic Buffer Overflow in Freerdp

CWE-120Classic Buffer OverflowCWE-787Out-of-bounds WriteCWE-122Heap-based Buffer Overflow11 documents8 sources
Severity
9.8CRITICALNVD
EPSS
13.0%
top 5.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
FreerdpCheck Point Software Technologies LTD FreerdpCanonical Ubuntu Linux
Timeline
PublishedNov 29
Latest updateMay 13

Description

FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

Ubuntufreerdp/freerdp< 1.0.2-2ubuntu1.2+1
NVDfreerdp/freerdp1.2.0+1
CVEListV5check_point_software_technologies_ltd/freerdpAll versions prior to 2.0.0-rc4

Also affects: Ubuntu Linux 18.04, 18.10

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

5
GHSA
GHSA-c52r-p49c-g2gq: FreeRDP prior to version 22022-05-13
OSV
freerdp vulnerabilities2019-05-28
OSV
freerdp, freerdp2 vulnerabilities2018-12-12
OSV
CVE-2018-8785: FreeRDP prior to version 22018-11-29
CVEList
CVE-2018-8785: FreeRDP prior to version 22018-11-29

📋Vendor Advisories

3
Ubuntu
FreeRDP vulnerabilities2018-12-12
Red Hat
freerdp: Heap-based buffer overflow in zgfx_decompress() function2018-10-22
Debian
CVE-2018-8785: freerdp2 - FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in func...2018

💬Community

2
Bugzilla
CVE-2018-8785 freerdp: Heap-based buffer overflow in zgfx_decompress() function2019-01-31
Bugzilla
CVE-2018-8784 CVE-2018-8785 CVE-2018-8786 CVE-2018-8787 CVE-2018-8788 CVE-2018-8789 freerdp: various flaws [epel-6]2019-01-31
CVE-2018-8785 — Classic Buffer Overflow in Freerdp | cvebase