Vulnerability Details : CVE-2018-1000852
FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server can read the client's memory.. This attack appear to be exploitable via RDPClient must connect the rdp server with echo option. This vulnerability appears to have been fixed in after commit 205c612820dac644d665b5bb1cdf437dc5ca01e3.
Products affected by CVE-2018-1000852
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
- cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
- cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*
- cpe:2.3:a:freerdp:freerdp:2.0.0:-:*:*:*:*:*:*
- cpe:2.3:a:freerdp:freerdp:2.0.0:rc0:*:*:*:*:*:*
- cpe:2.3:a:freerdp:freerdp:2.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:freerdp:freerdp:2.0.0:rc2:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-1000852
0.35%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 71 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-1000852
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.4
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:P |
10.0
|
4.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L |
3.9
|
2.5
|
NIST |
CWE ids for CVE-2018-1000852
-
The product reads data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-1000852
-
https://github.com/FreeRDP/FreeRDP/issues/4866
I Found Memory Leak Vulnerability · Issue #4866 · FreeRDP/FreeRDP · GitHubExploit;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:2157
RHSA-2019:2157 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://github.com/FreeRDP/FreeRDP/pull/4871/commits/baee520e3dd9be6511c45a14c5f5e77784de1471
Fix for #4866: Added additional length checks by akallabeth · Pull Request #4871 · FreeRDP/FreeRDP · GitHubPatch;Third Party Advisory
-
https://github.com/FreeRDP/FreeRDP/pull/4871
Fix for #4866: Added additional length checks by akallabeth · Pull Request #4871 · FreeRDP/FreeRDP · GitHubThird Party Advisory
-
https://usn.ubuntu.com/4379-1/
USN-4379-1: FreeRDP vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YVJKO2DR5EY4C4QZOP7SNNBEW2JW6FHX/
[SECURITY] Fedora 28 Update: remmina-1.3.3-1.fc28 - package-announce - Fedora Mailing-ListsThird Party Advisory
Jump to