CVE-2014-0791

2014-01-0318:54:13

CWE-189

mitre

web.nvd.nist.gov

cve

2014

0791

integer overflow

rdp

freerdp

denial of service

application crash

nvd

security vulnerability

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.3

Confidence

High

EPSS

0.012

Percentile

85.6%

JSON

Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Server License Request packet.

Affected configurations

Nvd

Node

freerdpfreerdpMatch1.0.0

freerdpfreerdpMatch1.0.1

freerdpfreerdpMatch1.0.2

VendorProductVersionCPE
freerdpfreerdp1.0.0cpe:2.3:a:freerdp:freerdp:1.0.0:*:*:*:*:*:*:*
freerdpfreerdp1.0.1cpe:2.3:a:freerdp:freerdp:1.0.1:*:*:*:*:*:*:*
freerdpfreerdp1.0.2cpe:2.3:a:freerdp:freerdp:1.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
freerdp	freerdp	1.0.0	cpe:2.3:a:freerdp:freerdp:1.0.0:::::::*
freerdp	freerdp	1.0.1	cpe:2.3:a:freerdp:freerdp:1.0.1:::::::*
freerdp	freerdp	1.0.2	cpe:2.3:a:freerdp:freerdp:1.0.2:::::::*