ID CVE-2013-4118
Summary FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.
References
Vulnerable Configurations
  • FreeRDP Project FreeRDP 1.0.2
    cpe:2.3:a:freerdp_project:freerdp:1.0.2
  • openSUSE Leap 42.1
    cpe:2.3:o:opensuse:leap:42.1
  • OpenSUSE 13.2
    cpe:2.3:o:opensuse:opensuse:13.2
CVSS
Base: 5.0 (as of 04-10-2016 - 10:02)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
Vector Complexity Authentication
NETWORK LOW NONE
Impact
Confidentiality Integrity Availability
NONE NONE PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2506-1.NASL
    description This update for freerdp fixes the following issues : - CVE-2013-4118: Added a NULL pointer check to fix a server crash (bsc#829013). - CVE-2014-0791: Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP allowed remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Server License Request packet. (bsc#857491) - CVE-2014-0250: Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allowed remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress function, which causes an incorrect amount of memory to be allocated. (bsc#880317) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 94037
    published 2016-10-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94037
    title SUSE SLED12 Security Update : freerdp (SUSE-SU-2016:2506-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1131.NASL
    description This update for freerdp fixes the following issues : Security issues fixed : - CVE-2013-4118: Add a NULL pointer check to fix a server crash (boo#829013). - CVE-2014-0791: The remaining length in the stream is checked before doing some malloc(), which could have led to crashes. (boo#857491).
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 93757
    published 2016-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93757
    title openSUSE Security Update : freerdp (openSUSE-2016-1131)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1132.NASL
    description This update for freerdp fixes the following issues : Security issues fixed : - CVE-2013-4118: Add a NULL pointer check to fix a server crash (boo#829013). - CVE-2014-0791: The remaining length in the stream is checked before doing some malloc(), which could have led to crashes. (boo#857491).
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 93758
    published 2016-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93758
    title openSUSE Security Update : freerdp (openSUSE-2016-1132)
refmap via4
bid 61072
confirm https://github.com/FreeRDP/FreeRDP/commit/7d58aac24fe20ffaad7bd9b40c9ddf457c1b06e7
mlist
  • [oss-security] 20130711 Re: CVE Request -- FreeRDP: Multiple security fixes in 1.1.0-beta1 version
  • [oss-security] 20130712 Re: CVE Request -- FreeRDP: Multiple security fixes in 1.1.0-beta1 version
suse
  • openSUSE-SU-2016:2400
  • openSUSE-SU-2016:2402
Last major update 04-10-2016 - 10:25
Published 03-10-2016 - 17:59
Last modified 30-10-2018 - 12:27