PT-2017-15572 · Freerdp+2

Published: 2017-07-27 · Updated: 2024-06-15 · CVE-2017-2838

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

FreeRDP versions 2.0.0-beta1+android11

Description

An exploitable denial of service issue exists within the handling of challenge packets. A specially crafted challenge packet can cause program termination, leading to a denial of service condition. An attacker can compromise the server or use man-in-the-middle to trigger this issue.

Recommendations

For FreeRDP version 2.0.0-beta1+android11, consider disabling the handling of challenge packets as a temporary workaround until a patch is available. Restrict access to the server to minimize the risk of exploitation.

Fix

DoS

Integer Overflow

Weakness Enumeration

Related Identifiers

CVE-2017-2838
DLA-1095-1
DSA-3923-1
MGASA-2017-0243
MGASA-2017-0475
OPENSUSE-SU-2017_2332-1
OPENSUSE-SU-2024:10768-1
SUSE-SU-2017:2234-1
SUSE-SU-2020:2272-1
USN-3380-1

Affected Products

Freerdp
Suse
Ubuntu