CVE-2018-1000852

FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server can read the client's memory.. This attack appear to be exploitable via RDPClient must connect the rdp server with echo option. This vulnerability appears to have been fixed in after commit 205c612820dac644d665b5bb1cdf437dc5ca01e3.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
VendorProductVersion
freerdpfreerdp
𝑥
< 2.0.0
freerdpfreerdp
2.0.0
freerdpfreerdp
2.0.0:rc0
freerdpfreerdp
2.0.0:rc1
freerdpfreerdp
2.0.0:rc2
canonicalubuntu_linux
18.04
canonicalubuntu_linux
19.10
canonicalubuntu_linux
20.04
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
freerdp2
bullseye
2.3.0+dfsg1-2+deb11u1
fixed
bookworm
2.10.0+dfsg1-1
fixed
sid
2.11.7+dfsg1-4
fixed
trixie
2.11.7+dfsg1-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
freerdp
focal
dne
eoan
dne
disco
dne
cosmic
not-affected
bionic
not-affected
xenial
not-affected
trusty
dne
freerdp2
focal
not-affected
eoan
not-affected
disco
not-affected
cosmic
ignored
bionic
Fixed 2.1.1+dfsg1-0ubuntu0.18.04.1
released
xenial
dne
trusty
dne
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2019:2157
https://github.com/FreeRDP/FreeRDP/issues/4866
https://github.com/FreeRDP/FreeRDP/pull/4871
https://github.com/FreeRDP/FreeRDP/pull/4871/commits/baee520e3dd9be6511c45a14c5f5e77784de1471
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YVJKO2DR5EY4C4QZOP7SNNBEW2JW6FHX/
https://usn.ubuntu.com/4379-1/
https://access.redhat.com/errata/RHSA-2019:2157
https://github.com/FreeRDP/FreeRDP/issues/4866
https://github.com/FreeRDP/FreeRDP/pull/4871
https://github.com/FreeRDP/FreeRDP/pull/4871/commits/baee520e3dd9be6511c45a14c5f5e77784de1471
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YVJKO2DR5EY4C4QZOP7SNNBEW2JW6FHX/
https://usn.ubuntu.com/4379-1/