CVE-2018-8788

FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
checkpointCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
freerdpfreerdp
𝑥
≤ 1.2.0
freerdpfreerdp
2.0.0:rc1
freerdpfreerdp
2.0.0:rc2
freerdpfreerdp
2.0.0:rc3
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
18.10
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
freerdp2
bullseye
2.3.0+dfsg1-2+deb11u1
fixed
bookworm
2.10.0+dfsg1-1
fixed
sid
2.11.7+dfsg1-4
fixed
trixie
2.11.7+dfsg1-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
freerdp
disco
dne
cosmic
Fixed 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.10.1
released
bionic
Fixed 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1
released
xenial
Fixed 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3
released
trusty
dne
freerdp2
disco
Fixed 2.0.0~git20181120.1.e21b72c95+dfsg1-1
released
cosmic
Fixed 2.0.0~git20180411.1.7a7b1802+dfsg1-2ubuntu0.1
released
bionic
Fixed 2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1
released
xenial
dne
trusty
dne
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/106938
https://access.redhat.com/errata/RHSA-2019:0697
https://github.com/FreeRDP/FreeRDP/commit/d1112c279bd1a327e8e4d0b5f371458bf2579659
https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
https://usn.ubuntu.com/3845-1/
https://usn.ubuntu.com/3845-2/
http://www.securityfocus.com/bid/106938
https://access.redhat.com/errata/RHSA-2019:0697
https://github.com/FreeRDP/FreeRDP/commit/d1112c279bd1a327e8e4d0b5f371458bf2579659
https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
https://usn.ubuntu.com/3845-1/
https://usn.ubuntu.com/3845-2/