Lucene search
Veracode Vulnerability DatabaseVERACODE:25571HistoryJun 03, 2020 - 4:08 a.m.
Remote Code Execution
2020-06-0304:08:38
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
0.07 Low
EPSS
Percentile
94.0%
freerdp is vulnerable to remote code execution. The vulnerability exists as FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.
| CPE | Name | Operator | Version |
|---|---|---|---|
| freerdp:3.11 | eq | 2.0.0-r0 | |
| freerdp:3.12 | eq | 2.0.0-r0 | |
| freerdp:edge | eq | 2.0.0-r0 |
References
www.securityfocus.com/bid/106938
access.redhat.com/errata/RHSA-2019:0697
github.com/FreeRDP/FreeRDP/commit/09b9d4f1994a674c4ec85b4947aa656eda1aed8a
lists.debian.org/debian-lts-announce/2019/02/msg00015.html
research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
usn.ubuntu.com/3845-1/
usn.ubuntu.com/3845-2/
Related
prion
prion
Integer overflow
2018-11-29 18:29:00
osv
osv
CVE-2018-8787
2018-11-29 18:29:00
freerdp - security update
2019-02-07 00:00:00
cve
cve
CVE-2018-8787
2018-11-29 18:29:00
nvd
nvd
CVE-2018-8787
2018-11-29 18:29:00
ubuntucve
ubuntucve
CVE-2018-8787
2018-11-29 00:00:00
redhatcve
redhatcve
CVE-2018-8787
2019-01-31 13:49:26
debiancve
debiancve
CVE-2018-8787
2018-11-29 18:29:00
alpinelinux
alpinelinux
CVE-2018-8787
2018-11-29 18:29:00
cvelist
cvelist
CVE-2018-8787
2018-10-22 00:00:00
nessus
nessus
Amazon Linux 2 : freerdp (ALAS-2019-1191)
2019-04-18 00:00:00
Oracle Linux 7 : freerdp (ELSA-2019-0697)
2019-04-03 00:00:00
EulerOS 2.0 SP3 : freerdp (EulerOS-SA-2019-1284)
2019-04-30 00:00:00
openvas
openvas
CentOS Update for freerdp CESA-2019:0697 centos7
2019-04-13 00:00:00
Huawei EulerOS: Security Advisory for freerdp (EulerOS-SA-2019-1283)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for freerdp (EulerOS-SA-2019-1285)
2020-01-23 00:00:00
amazon
amazon
Important: freerdp
2019-04-04 21:55:00
centos
centos
freerdp security update
2019-04-12 14:01:25
redhat
redhat
(RHSA-2019:0697) Important: freerdp security update
2019-04-02 10:57:14
oraclelinux
oraclelinux
freerdp security update
2019-04-02 00:00:00
debian
debian
[SECURITY] [DLA 1666-1] freerdp security update
2019-02-09 14:11:49
mageia
mageia
Updated freerdp packages fix security vulnerabilities
2019-01-05 21:30:16
ubuntu
ubuntu
FreeRDP vulnerabilities
2019-05-28 00:00:00
FreeRDP vulnerabilities
2018-12-12 00:00:00
suse
suse
Security update for freerdp (important)
2019-03-14 00:00:00
Security update for freerdp (important)
2019-01-29 00:00:00