Lucene search

Veracode Vulnerability DatabaseVERACODE:46618

HistoryApr 25, 2024 - 7:21 a.m.

NULL Pointer Dereference

2024-04-2507:21:04

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

freerdp

vulnerability

info structure

null pointer dereference

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

10.4%

JSON

FreeRDP/FreeRDP is vulnerable to NULL Pointer Dereference. The vulnerability is caused due to a missing check for NULL pointers before accessing the domain or username fields in the info structure.

CPENameOperatorVersion
libfreerdp.soeq1.2.0
libfreerdp.soeq1.2.0

CPE	Name	Operator	Version
	libfreerdp.so	eq	1.2.0
	libfreerdp.so	eq	1.2.0

References

github.com/FreeRDP/FreeRDP/commit/71e463e31b4d69f4022d36bfc814592f56600793

github.com/FreeRDP/FreeRDP/security/advisories/GHSA-p5m5-342g-pv9m

lists.fedoraproject.org/archives/list/[email protected]/message/5JL476WVJSIE7SBUKVJRVA6A52V2HOLZ/

lists.fedoraproject.org/archives/list/[email protected]/message/7SIS6NUNLUBOV4CPCSWKDE6T6C2W3WTR/

lists.fedoraproject.org/archives/list/[email protected]/message/PX3U6YPZQ7PEJBVKSBUOLWVH7DHROHY5/

lists.fedoraproject.org/archives/list/[email protected]/message/ZKI4UISUXYNBPN4K6TIQKDRTIJ6CDCKJ/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

10.4%

JSON

Related for VERACODE:46618