Vulnerability identifier: #VU42191

Vulnerability risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-0791

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
FreeRDP
Universal components / Libraries / Libraries used by multiple products

Vendor: FreeRDP

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Server License Request packet.

Mitigation
Install update from vendor's website.

Vulnerable software versions

FreeRDP: 1.0.0 - 1.0.2

---

External links
http://advisories.mageia.org/MGASA-2014-0287.html
http://lists.opensuse.org/opensuse-updates/2014-07/msg00008.html
http://lists.opensuse.org/opensuse-updates/2016-09/msg00101.html
http://lists.opensuse.org/opensuse-updates/2016-09/msg00102.html
http://openwall.com/lists/oss-security/2014/01/02/5
http://openwall.com/lists/oss-security/2014/01/03/4
http://www.mandriva.com/security/advisories?name=MDVSA-2015:171
http://bugzilla.redhat.com/show_bug.cgi?id=998941
http://github.com/FreeRDP/FreeRDP/pull/1649
http://github.com/sidhpurwala-huzaifa/FreeRDP/commit/e2745807c4c3e0a590c0f69a9b655dc74ebaa03e

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.