Code Execution Vulnerability in FreeRDP by FreeRDP Project
CVE-2017-2834

8.8HIGH

Key Information:

Vendor

Freerdp

Status
Freerdp
Vendor
CVE Published:
24 April 2018

What is CVE-2017-2834?

An exploitable code execution vulnerability occurs in the authentication functionality of FreeRDP 2.0.0-beta1+android11. This vulnerability can be triggered by a specially crafted server response, leading to an out-of-bounds write that may be exploited by an attacker. Such an attack can result in server compromise or be leveraged through man-in-the-middle techniques to achieve code execution.

Affected Version(s)

FreeRDP 2.0.0-beta1+android11 - Windows, OSX, Linux

References

http://www.securityfocus.com/bid/99942
vdb-entryx_refsource_BID
https://www.debian.org/security/2017/dsa-3923
vendor-advisoryx_refsource_DEBIAN
https://www.talosintelligence.com/vulnerability_reports/T...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.