CVE-2018-8786 — Integer Overflow to Buffer Overflow in Freerdp

CWE-680 — Integer Overflow to Buffer Overflow CWE-681 — Incorrect Conversion between Numeric Types CWE-787 — Out-of-bounds Write CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer13 documents8 sources

Severity

9.8CRITICALNVD

EPSS

9.6%

top 7.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freerdp Check Point Software Technologies LTD Freerdp Canonical Ubuntu Linux +8 more

Timeline

PublishedNov 29

Latest updateMay 13

Description

FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

▶NVDfreerdp/freerdp1.2.0+1

▶CVEListV5check_point_software_technologies_ltd/freerdpAll versions prior to 2.0.0-rc4

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

▶NVDredhat/enterprise_linux_workstation7.0

Also affects: Debian Linux 8.0, Fedora 28, Ubuntu Linux 14.04, 16.04, 18.04, 18.10, Enterprise Linux 7.6

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-2pjf-gmmm-fv82: FreeRDP prior to version 2↗2022-05-13

▶

OSV

freerdp vulnerabilities↗2019-05-28

▶

OSV

freerdp, freerdp2 vulnerabilities↗2018-12-12

▶

OSV

CVE-2018-8786: FreeRDP prior to version 2↗2018-11-29

▶

CVEList

CVE-2018-8786: FreeRDP prior to version 2↗2018-11-29

▶

📋Vendor Advisories

Ubuntu

FreeRDP vulnerabilities↗2019-05-28

▶

Ubuntu

FreeRDP vulnerabilities↗2018-12-12

▶

Red Hat

freerdp: Integer truncation leading to heap-based buffer overflow in update_read_bitmap_update() function↗2018-10-22

▶

Debian

CVE-2018-8786: freerdp2 - FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to ...↗2018

▶

💬Community

Bugzilla

CVE-2018-8786 freerdp: Integer truncation leading to heap-based buffer overflow in update_read_bitmap_update() function [fedora-all]↗2019-02-28

▶

Bugzilla

CVE-2018-8786 freerdp: Integer truncation leading to heap-based buffer overflow in update_read_bitmap_update() function↗2019-01-31

▶

Bugzilla

CVE-2018-8784 CVE-2018-8785 CVE-2018-8786 CVE-2018-8787 CVE-2018-8788 CVE-2018-8789 freerdp: various flaws [epel-6]↗2019-01-31

▶