[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247621

 
 

909

 
 

194512

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-0791Date: (C)2014-01-04   (M)2023-12-22


Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Server License Request packet.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
MDVSA-2015:171
https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html
http://openwall.com/lists/oss-security/2014/01/02/5
http://openwall.com/lists/oss-security/2014/01/03/4
http://advisories.mageia.org/MGASA-2014-0287.html
https://bugzilla.redhat.com/show_bug.cgi?id=998941
https://github.com/FreeRDP/FreeRDP/pull/1649
https://github.com/sidhpurwala-huzaifa/FreeRDP/commit/e2745807c4c3e0a590c0f69a9b655dc74ebaa03e
openSUSE-SU-2014:0862
openSUSE-SU-2016:2400
openSUSE-SU-2016:2402

CPE    3
cpe:/a:freerdp:freerdp:1.0.2
cpe:/a:freerdp:freerdp:1.0.1
cpe:/a:freerdp:freerdp:1.0.0
CWE    1
CWE-189
OVAL    5
oval:org.secpod.oval:def:41754
oval:org.secpod.oval:def:21524
oval:org.secpod.oval:def:51865
oval:org.secpod.oval:def:52192
...

© SecPod Technologies