Freerdp : Security Vulnerabilities, CVEs, (Denial of service)
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Max CVSS
7.5
EPSS Score
0.10%
Published
2023-08-31
Updated
2024-01-12
FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault).
Max CVSS
7.5
EPSS Score
0.45%
Published
2018-11-29
Updated
2019-06-03
An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability.
Max CVSS
6.5
EPSS Score
0.08%
Published
2018-04-24
Updated
2022-06-03
An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability.
Max CVSS
6.5
EPSS Score
0.09%
Published
2018-04-24
Updated
2022-06-03
An exploitable denial of service vulnerability exists within the handling of security data in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability.
Max CVSS
6.5
EPSS Score
0.09%
Published
2018-04-24
Updated
2022-06-03
An exploitable denial of service vulnerability exists within the reading of proprietary server certificates in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability.
Max CVSS
6.5
EPSS Score
0.09%
Published
2018-04-24
Updated
2022-06-03
Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Server License Request packet.
Max CVSS
6.8
EPSS Score
1.25%
Published
2014-01-03
Updated
2020-08-30
FreeRDP before 1.1.0-beta+2013071101 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by disconnecting before authentication has finished.
Max CVSS
7.5
EPSS Score
0.53%
Published
2016-10-03
Updated
2020-03-06
FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.
Max CVSS
7.5
EPSS Score
1.32%
Published
2016-10-03
Updated
2020-03-06
9 vulnerabilities found