FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that result in a Denial of Service (segfault).
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Freerdp | Freerdp | * | 1.2.0 (including) |
Freerdp | Freerdp | 2.0.0-rc1 (including) | 2.0.0-rc1 (including) |
Freerdp | Freerdp | 2.0.0-rc2 (including) | 2.0.0-rc2 (including) |
Freerdp | Freerdp | 2.0.0-rc3 (including) | 2.0.0-rc3 (including) |
Freerdp | Ubuntu | bionic | * |
Freerdp | Ubuntu | cosmic | * |
Freerdp | Ubuntu | xenial | * |
Freerdp2 | Ubuntu | bionic | * |
Freerdp2 | Ubuntu | cosmic | * |
Freerdp2 | Ubuntu | devel | * |
Freerdp2 | Ubuntu | disco | * |
Freerdp2 | Ubuntu | upstream | * |