CVE-2018-8789

2018-11-2900:00:00

ubuntu.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

74.8%

JSON

FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in
the NTLM Authentication module that results in a Denial of Service
(segfault).

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchfreerdp< 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1UNKNOWN
ubuntu18.10noarchfreerdp< 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.10.1UNKNOWN
ubuntu16.04noarchfreerdp< 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3UNKNOWN
ubuntu18.04noarchfreerdp2< 2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1UNKNOWN
ubuntu18.10noarchfreerdp2< 2.0.0~git20180411.1.7a7b1802+dfsg1-2ubuntu0.1UNKNOWN
ubuntu19.04noarchfreerdp2< 2.0.0~git20181120.1.e21b72c95+dfsg1-1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	freerdp	< 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1	UNKNOWN
ubuntu	18.10	noarch	freerdp	< 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.10.1	UNKNOWN
ubuntu	16.04	noarch	freerdp	< 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3	UNKNOWN
ubuntu	18.04	noarch	freerdp2	< 2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1	UNKNOWN
ubuntu	18.10	noarch	freerdp2	< 2.0.0~git20180411.1.7a7b1802+dfsg1-2ubuntu0.1	UNKNOWN
ubuntu	19.04	noarch	freerdp2	< 2.0.0~git20181120.1.e21b72c95+dfsg1-1	UNKNOWN