CVE-2018-1000852

Description

FreeRDP 2.0.0-rc3, in released versions before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3, contains a vulnerability of type Other/Unknown in the function drdynvc_process_capability_request in channels/drdynvc/client/drdynvc_main.c that can result in the RDP server reading the client's memory. The attack appears to be exploitable when an RDP client connects to the RDP server with the echo option. The vulnerability appears to have been fixed after commit 205c612820dac644d665b5bb1cdf437dc5ca01e3.

Risk Information

Base Score: 6.5 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
EPSS Score (Exploitation Probability): 0.833

Associated Vulnerability

Vulnerability | OS Platform
SUSE-SU-2019:0134-1 (SUSE Linux Enterprise Desktop 12-SP3) freerdp-2.0.0~git.1463131968.4e66df7-12.8.1.x86_64.rpm | Linux
SUSE-SU-2019:0134-1 (SUSE Linux Enterprise Desktop 12-SP4) freerdp-debuginfo-2.0.0~git.1463131968.4e66df7-12.8.1.x86_64.rpm | Linux
SUSE-SU-2019:0134-1 (SUSE Linux Enterprise Desktop 12-SP4) freerdp-debugsource-2.0.0~git.1463131968.4e66df7-12.8.1.x86_64.rpm | Linux
SUSE-SU-2019:0134-1 (SUSE Linux Enterprise Desktop 12-SP4) libfreerdp2-2.0.0~git.1463131968.4e66df7-12.8.1.x86_64.rpm | Linux
SUSE-SU-2019:0134-1 (SUSE Linux Enterprise Desktop 12-SP4) libfreerdp2-debuginfo-2.0.0~git.1463131968.4e66df7-12.8.1.x86_64.rpm | Linux
RDP client for Windows Terminal Services (USN-4379-1) libfreerdp2-2_2.1.1+dfsg1-0ubuntu0.18.04.1_i386.deb | Linux
RDP client for Windows Terminal Services (USN-4379-1) libfreerdp2-2_2.1.1+dfsg1-0ubuntu0.18.04.1_amd64.deb | Linux
RDP client for Windows Terminal Services (USN-4379-1) libfreerdp2-2_2.1.1+dfsg1-0ubuntu0.19.10.1_i386.deb | Linux
RDP client for Windows Terminal Services (USN-4379-1) libfreerdp2-2_2.1.1+dfsg1-0ubuntu0.19.10.1_amd64.deb | Linux
RDP client for Windows Terminal Services (USN-4379-1) libfreerdp2-2_2.1.1+dfsg1-0ubuntu0.20.04.1_amd64.deb | Linux
RDP client for Windows Terminal Services (USN-4379-1) libfreerdp-client2-2_2.1.1+dfsg1-0ubuntu0.18.04.1_i386.deb | Linux
RDP client for Windows Terminal Services (USN-4379-1) libfreerdp-client2-2_2.1.1+dfsg1-0ubuntu0.18.04.1_amd64.deb | Linux
RDP client for Windows Terminal Services (USN-4379-1) libfreerdp-client2-2_2.1.1+dfsg1-0ubuntu0.19.10.1_i386.deb | Linux
RDP client for Windows Terminal Services (USN-4379-1) libfreerdp-client2-2_2.1.1+dfsg1-0ubuntu0.19.10.1_amd64.deb | Linux
RDP client for Windows Terminal Services (USN-4379-1) libfreerdp-client2-2_2.1.1+dfsg1-0ubuntu0.20.04.1_amd64.deb | Linux
RDP client for Windows Terminal Services (USN-4379-1) libfreerdp-server2-2_2.1.1+dfsg1-0ubuntu0.18.04.1_i386.deb | Linux
RDP client for Windows Terminal Services (USN-4379-1) libfreerdp-server2-2_2.1.1+dfsg1-0ubuntu0.18.04.1_amd64.deb | Linux
RDP client for Windows Terminal Services (USN-4379-1) libfreerdp-server2-2_2.1.1+dfsg1-0ubuntu0.19.10.1_i386.deb | Linux
RDP client for Windows Terminal Services (USN-4379-1) libfreerdp-server2-2_2.1.1+dfsg1-0ubuntu0.19.10.1_amd64.deb | Linux
RDP client for Windows Terminal Services (USN-4379-1) libfreerdp-server2-2_2.1.1+dfsg1-0ubuntu0.20.04.1_amd64.deb | Linux
(RHSA-2019:2157) Low: and vinagre security, bug fix, and enhancement update freerdp-debuginfo-2.0.0-1.rc4.el7.i686.rpm | Linux
(RHSA-2019:2157) Low: and vinagre security, bug fix, and enhancement update freerdp-debuginfo-2.0.0-1.rc4.el7.x86_64.rpm | Linux
(RHSA-2019:2157) Low: and vinagre security, bug fix, and enhancement update vinagre-debuginfo-3.22.0-12.el7.i686.rpm | Linux
(RHSA-2019:2157) Low: and vinagre security, bug fix, and enhancement update vinagre-debuginfo-3.22.0-12.el7.x86_64.rpm | Linux
Freerdp update (ELSA-2019-2157) freerdp-2.0.0-1.rc4.el7.x86_64.rpm | Linux
Freerdp-libs update (ELSA-2019-2157) freerdp-libs-2.0.0-1.rc4.el7.i686.rpm | Linux
Freerdp-libs update (ELSA-2019-2157) freerdp-libs-2.0.0-1.rc4.el7.x86_64.rpm | Linux
Libwinpr update (ELSA-2019-2157) libwinpr-2.0.0-1.rc4.el7.i686.rpm | Linux
Libwinpr update (ELSA-2019-2157) libwinpr-2.0.0-1.rc4.el7.x86_64.rpm | Linux
Vinagre update (ELSA-2019-2157) vinagre-3.22.0-12.el7.i686.rpm | Linux
Vinagre update (ELSA-2019-2157) vinagre-3.22.0-12.el7.x86_64.rpm | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234