CVE-2018-8786
published 2018-11-29CVE-2018-8786: FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| check_point_software_technologies_ltd | freerdp | — | — |
| debian | debian_linux | — | — |
| debian | freerdp2 | < freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1 (bookworm) | freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1 (bookworm) |
| fedoraproject | fedora | — | — |
| freerdp | freerdp | <= 1.2.0 | — |
| freerdp | freerdp | — | — |
| freerdp | freerdp | >= 0 < 1.0.2-2ubuntu1.2 | 1.0.2-2ubuntu1.2 |
| freerdp | freerdp | >= 0 < 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 | 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 |
| freerdp | freerdp | >= 0 < 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 | 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL