SB2019041730 - Heap-based buffer overflow in freerdp (Alpine package)
Published: April 17, 2019
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Heap-based buffer overflow (CVE-ID: CVE-2018-8786)
The vulnerability allows a remote authenticated attacker to cause DoS condition or execute arbitrary code.
The vulnerability exists due to improper handling of bitmaps by the update_read_bitmap_update() function, as defined in the update.c source code file. A remote attacker can send a specially crafted request that submits malicious input, trigger a heap-based buffer overflow condition that the attacker can use to cause a DoS condition or execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=b52104f5f284a471faab8c0847a03170c6e3da66
- https://git.alpinelinux.org/aports/commit/?id=bcb823b751e07187bb9ae949d2620ed0d11e0c13
- https://git.alpinelinux.org/aports/commit/?id=e661f5459886e6e7cc6c5562633ab99aa4a38101
- https://git.alpinelinux.org/aports/commit/?id=0711692c669f13dd536c845cb15cb205c9e88d12