CWE-680
Integer Overflow to Buffer Overflow
The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.
CVE-2018-8786 (GCVE-0-2018-8786)
Vulnerability from cvelistv5
Published
2018-11-29 17:00
Modified
2024-09-17 01:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-680 - Integer Overflow to Buffer Overflow
Summary
FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Check Point Software Technologies Ltd. | FreeRDP |
Version: All versions prior to 2.0.0-rc4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:02:26.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106938",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106938"
},
{
"name": "[debian-lts-announce] 20190209 [SECURITY] [DLA 1666-1] freerdp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/445a5a42c500ceb80f8fa7f2c11f3682538033f3"
},
{
"name": "USN-3845-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3845-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/"
},
{
"name": "RHSA-2019:0697",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0697"
},
{
"name": "FEDORA-2019-b2d986c3e9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YVJKO2DR5EY4C4QZOP7SNNBEW2JW6FHX/"
},
{
"name": "USN-3845-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3845-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeRDP",
"vendor": "Check Point Software Technologies Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions prior to 2.0.0-rc4"
}
]
}
],
"datePublic": "2018-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680: Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-03T15:06:11",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"name": "106938",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106938"
},
{
"name": "[debian-lts-announce] 20190209 [SECURITY] [DLA 1666-1] freerdp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/445a5a42c500ceb80f8fa7f2c11f3682538033f3"
},
{
"name": "USN-3845-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3845-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/"
},
{
"name": "RHSA-2019:0697",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0697"
},
{
"name": "FEDORA-2019-b2d986c3e9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YVJKO2DR5EY4C4QZOP7SNNBEW2JW6FHX/"
},
{
"name": "USN-3845-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3845-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"DATE_PUBLIC": "2018-10-22T00:00:00",
"ID": "CVE-2018-8786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeRDP",
"version": {
"version_data": [
{
"version_value": "All versions prior to 2.0.0-rc4"
}
]
}
}
]
},
"vendor_name": "Check Point Software Technologies Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-680: Integer Overflow to Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106938",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106938"
},
{
"name": "[debian-lts-announce] 20190209 [SECURITY] [DLA 1666-1] freerdp security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html"
},
{
"name": "https://github.com/FreeRDP/FreeRDP/commit/445a5a42c500ceb80f8fa7f2c11f3682538033f3",
"refsource": "CONFIRM",
"url": "https://github.com/FreeRDP/FreeRDP/commit/445a5a42c500ceb80f8fa7f2c11f3682538033f3"
},
{
"name": "USN-3845-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3845-1/"
},
{
"name": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/",
"refsource": "CONFIRM",
"url": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/"
},
{
"name": "RHSA-2019:0697",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0697"
},
{
"name": "FEDORA-2019-b2d986c3e9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YVJKO2DR5EY4C4QZOP7SNNBEW2JW6FHX/"
},
{
"name": "USN-3845-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3845-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2018-8786",
"datePublished": "2018-11-29T17:00:00Z",
"dateReserved": "2018-03-19T00:00:00",
"dateUpdated": "2024-09-17T01:56:15.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8787 (GCVE-0-2018-8787)
Vulnerability from cvelistv5
Published
2018-11-29 17:00
Modified
2024-09-16 20:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-680 - Integer Overflow to Buffer Overflow
Summary
FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Check Point Software Technologies Ltd. | FreeRDP |
Version: All versions prior to 2.0.0-rc4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:02:26.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106938",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106938"
},
{
"name": "[debian-lts-announce] 20190209 [SECURITY] [DLA 1666-1] freerdp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html"
},
{
"name": "USN-3845-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3845-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/09b9d4f1994a674c4ec85b4947aa656eda1aed8a"
},
{
"name": "RHSA-2019:0697",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0697"
},
{
"name": "USN-3845-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3845-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeRDP",
"vendor": "Check Point Software Technologies Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions prior to 2.0.0-rc4"
}
]
}
],
"datePublic": "2018-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680: Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-03T15:06:11",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"name": "106938",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106938"
},
{
"name": "[debian-lts-announce] 20190209 [SECURITY] [DLA 1666-1] freerdp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html"
},
{
"name": "USN-3845-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3845-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/09b9d4f1994a674c4ec85b4947aa656eda1aed8a"
},
{
"name": "RHSA-2019:0697",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0697"
},
{
"name": "USN-3845-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3845-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"DATE_PUBLIC": "2018-10-22T00:00:00",
"ID": "CVE-2018-8787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeRDP",
"version": {
"version_data": [
{
"version_value": "All versions prior to 2.0.0-rc4"
}
]
}
}
]
},
"vendor_name": "Check Point Software Technologies Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-680: Integer Overflow to Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106938",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106938"
},
{
"name": "[debian-lts-announce] 20190209 [SECURITY] [DLA 1666-1] freerdp security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html"
},
{
"name": "USN-3845-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3845-1/"
},
{
"name": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/",
"refsource": "CONFIRM",
"url": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/"
},
{
"name": "https://github.com/FreeRDP/FreeRDP/commit/09b9d4f1994a674c4ec85b4947aa656eda1aed8a",
"refsource": "CONFIRM",
"url": "https://github.com/FreeRDP/FreeRDP/commit/09b9d4f1994a674c4ec85b4947aa656eda1aed8a"
},
{
"name": "RHSA-2019:0697",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0697"
},
{
"name": "USN-3845-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3845-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2018-8787",
"datePublished": "2018-11-29T17:00:00Z",
"dateReserved": "2018-03-19T00:00:00",
"dateUpdated": "2024-09-16T20:16:21.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8794 (GCVE-0-2018-8794)
Vulnerability from cvelistv5
Published
2019-02-05 20:00
Modified
2024-09-17 00:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-680 - Integer Overflow to Buffer Overflow
Summary
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Check Point Software Technologies Ltd. | rdesktop |
Version: All versions up to and including v1.8.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:02:26.111Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106938",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106938"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1"
},
{
"name": "GLSA-201903-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201903-06"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/"
},
{
"name": "DSA-4394",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4394"
},
{
"name": "[debian-lts-announce] 20190219 [SECURITY] [DLA 1683-1] rdesktop security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html"
},
{
"name": "openSUSE-SU-2019:2135",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "rdesktop",
"vendor": "Check Point Software Technologies Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions up to and including v1.8.3"
}
]
}
],
"datePublic": "2019-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680: Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-14T23:06:12",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"name": "106938",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106938"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1"
},
{
"name": "GLSA-201903-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201903-06"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/"
},
{
"name": "DSA-4394",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4394"
},
{
"name": "[debian-lts-announce] 20190219 [SECURITY] [DLA 1683-1] rdesktop security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html"
},
{
"name": "openSUSE-SU-2019:2135",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"DATE_PUBLIC": "2019-02-05T00:00:00",
"ID": "CVE-2018-8794",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "rdesktop",
"version": {
"version_data": [
{
"version_value": "All versions up to and including v1.8.3"
}
]
}
}
]
},
"vendor_name": "Check Point Software Technologies Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-680: Integer Overflow to Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106938",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106938"
},
{
"name": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
"refsource": "MISC",
"url": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1"
},
{
"name": "GLSA-201903-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-06"
},
{
"name": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/",
"refsource": "CONFIRM",
"url": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/"
},
{
"name": "DSA-4394",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4394"
},
{
"name": "[debian-lts-announce] 20190219 [SECURITY] [DLA 1683-1] rdesktop security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html"
},
{
"name": "openSUSE-SU-2019:2135",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2018-8794",
"datePublished": "2019-02-05T20:00:00Z",
"dateReserved": "2018-03-19T00:00:00",
"dateUpdated": "2024-09-17T00:21:28.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8795 (GCVE-0-2018-8795)
Vulnerability from cvelistv5
Published
2019-02-05 20:00
Modified
2024-09-16 17:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-680 - Integer Overflow to Buffer Overflow
Summary
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Check Point Software Technologies Ltd. | rdesktop |
Version: All versions up to and including v1.8.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:02:26.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106938",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106938"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1"
},
{
"name": "GLSA-201903-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201903-06"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/"
},
{
"name": "DSA-4394",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4394"
},
{
"name": "[debian-lts-announce] 20190219 [SECURITY] [DLA 1683-1] rdesktop security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html"
},
{
"name": "openSUSE-SU-2019:2135",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "rdesktop",
"vendor": "Check Point Software Technologies Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions up to and including v1.8.3"
}
]
}
],
"datePublic": "2019-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680: Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-14T23:06:13",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"name": "106938",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106938"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1"
},
{
"name": "GLSA-201903-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201903-06"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/"
},
{
"name": "DSA-4394",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4394"
},
{
"name": "[debian-lts-announce] 20190219 [SECURITY] [DLA 1683-1] rdesktop security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html"
},
{
"name": "openSUSE-SU-2019:2135",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"DATE_PUBLIC": "2019-02-05T00:00:00",
"ID": "CVE-2018-8795",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "rdesktop",
"version": {
"version_data": [
{
"version_value": "All versions up to and including v1.8.3"
}
]
}
}
]
},
"vendor_name": "Check Point Software Technologies Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-680: Integer Overflow to Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106938",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106938"
},
{
"name": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
"refsource": "MISC",
"url": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1"
},
{
"name": "GLSA-201903-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-06"
},
{
"name": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/",
"refsource": "CONFIRM",
"url": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/"
},
{
"name": "DSA-4394",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4394"
},
{
"name": "[debian-lts-announce] 20190219 [SECURITY] [DLA 1683-1] rdesktop security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html"
},
{
"name": "openSUSE-SU-2019:2135",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2018-8795",
"datePublished": "2019-02-05T20:00:00Z",
"dateReserved": "2018-03-19T00:00:00",
"dateUpdated": "2024-09-16T17:44:07.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18568 (GCVE-0-2019-18568)
Vulnerability from cvelistv5
Published
2019-12-31 19:28
Modified
2024-09-17 02:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-680 - Integer Overflow to Buffer Overflow
Summary
Avira Free Antivirus 15.0.1907.1514 is prone to a local privilege escalation through the execution of kernel code from a restricted user.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AVIRA | Antivirus Free Antivirus |
Version: Antivirus Free Antivirus < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.avira.com/hc/en-us/articles/360000109798-Avira-Antivirus-for-Windows"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "Antivirus Free Antivirus",
"vendor": "AVIRA",
"versions": [
{
"lessThanOrEqual": "15.0.1907.1514",
"status": "affected",
"version": "Antivirus Free Antivirus",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Nicolas Delhaye from AIRBUS"
}
],
"datePublic": "2019-07-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Avira Free Antivirus 15.0.1907.1514 is prone to a local privilege escalation through the execution of kernel code from a restricted user."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680 Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-31T19:28:32",
"orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
"shortName": "airbus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.avira.com/hc/en-us/articles/360000109798-Avira-Antivirus-for-Windows"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Avira Free Antivirus is proned to a local privilege escalation through the execution of kernel code from a restricted user.",
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@airbus.com",
"DATE_PUBLIC": "2019-07-24T00:00:00.000Z",
"ID": "CVE-2019-18568",
"STATE": "PUBLIC",
"TITLE": "Avira Free Antivirus is proned to a local privilege escalation through the execution of kernel code from a restricted user."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Antivirus Free Antivirus",
"version": {
"version_data": [
{
"platform": "x86",
"version_affected": "\u003c=",
"version_name": "Antivirus Free Antivirus",
"version_value": "15.0.1907.1514"
}
]
}
}
]
},
"vendor_name": "AVIRA"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Nicolas Delhaye from AIRBUS"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Avira Free Antivirus 15.0.1907.1514 is prone to a local privilege escalation through the execution of kernel code from a restricted user."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-680 Integer Overflow to Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.avira.com/hc/en-us/articles/360000109798-Avira-Antivirus-for-Windows",
"refsource": "CONFIRM",
"url": "https://support.avira.com/hc/en-us/articles/360000109798-Avira-Antivirus-for-Windows"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
"assignerShortName": "airbus",
"cveId": "CVE-2019-18568",
"datePublished": "2019-12-31T19:28:32.868744Z",
"dateReserved": "2019-10-28T00:00:00",
"dateUpdated": "2024-09-17T02:31:40.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5086 (GCVE-0-2019-5086)
Vulnerability from cvelistv5
Published
2019-11-21 15:44
Modified
2024-08-04 19:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-680 - Integer Overflow to Buffer Overflow
Summary
An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools, version 1.0.7. An integer overflow can occur while walking through tiles that could be exploited to corrupt memory and execute arbitrary code. In order to trigger this vulnerability, a victim would need to open a specially crafted XCF file.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:56.793Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20210210 [SECURITY] [DLA 2553-1] xcftools security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00014.html"
},
{
"name": "[debian-lts-announce] 20210308 [SECURITY] [DLA 2553-2] xcftools regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00008.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0878"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0878"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "xcftools",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "xcftools 1.0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools, version 1.0.7. An integer overflow can occur while walking through tiles that could be exploited to corrupt memory and execute arbitrary code. In order to trigger this vulnerability, a victim would need to open a specially crafted XCF file."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680: Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T17:33:56",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "[debian-lts-announce] 20210210 [SECURITY] [DLA 2553-1] xcftools security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00014.html"
},
{
"name": "[debian-lts-announce] 20210308 [SECURITY] [DLA 2553-2] xcftools regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00008.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0878"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0878"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2019-5086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xcftools",
"version": {
"version_data": [
{
"version_value": "xcftools 1.0.7"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools, version 1.0.7. An integer overflow can occur while walking through tiles that could be exploited to corrupt memory and execute arbitrary code. In order to trigger this vulnerability, a victim would need to open a specially crafted XCF file."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-680: Integer Overflow to Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20210210 [SECURITY] [DLA 2553-1] xcftools security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00014.html"
},
{
"name": "[debian-lts-announce] 20210308 [SECURITY] [DLA 2553-2] xcftools regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00008.html"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0878",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0878"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0878",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0878"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2019-5086",
"datePublished": "2019-11-21T15:44:23",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:56.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5087 (GCVE-0-2019-5087)
Vulnerability from cvelistv5
Published
2019-11-21 15:44
Modified
2024-08-04 19:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-680 - Integer Overflow to Buffer Overflow
Summary
An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools 1.0.7. An integer overflow can occur while calculating the row's allocation size, that could be exploited to corrupt memory and eventually execute arbitrary code. In order to trigger this vulnerability, a victim would need to open a specially crafted XCF file.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:55.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20210210 [SECURITY] [DLA 2553-1] xcftools security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00014.html"
},
{
"name": "[debian-lts-announce] 20210308 [SECURITY] [DLA 2553-2] xcftools regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00008.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0879"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0879"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "xcftools",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "xcftools 1.0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools 1.0.7. An integer overflow can occur while calculating the row\u0027s allocation size, that could be exploited to corrupt memory and eventually execute arbitrary code. In order to trigger this vulnerability, a victim would need to open a specially crafted XCF file."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680: Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T17:33:57",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "[debian-lts-announce] 20210210 [SECURITY] [DLA 2553-1] xcftools security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00014.html"
},
{
"name": "[debian-lts-announce] 20210308 [SECURITY] [DLA 2553-2] xcftools regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00008.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0879"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0879"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2019-5087",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xcftools",
"version": {
"version_data": [
{
"version_value": "xcftools 1.0.7"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools 1.0.7. An integer overflow can occur while calculating the row\u0027s allocation size, that could be exploited to corrupt memory and eventually execute arbitrary code. In order to trigger this vulnerability, a victim would need to open a specially crafted XCF file."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-680: Integer Overflow to Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20210210 [SECURITY] [DLA 2553-1] xcftools security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00014.html"
},
{
"name": "[debian-lts-announce] 20210308 [SECURITY] [DLA 2553-2] xcftools regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00008.html"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0879",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0879"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0879",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0879"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2019-5087",
"datePublished": "2019-11-21T15:44:57",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:55.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10929 (GCVE-0-2020-10929)
Vulnerability from cvelistv5
Published
2020-07-28 17:10
Modified
2024-08-04 11:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-680 - Integer Overflow to Buffer Overflow
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-9768.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:12.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-709/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "R6700",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "V1.0.4.84_10.0.58"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "d4rkn3ss from VNPT ISC"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-9768."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680: Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-28T17:10:38",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-709/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2020-10929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "R6700",
"version": {
"version_data": [
{
"version_value": "V1.0.4.84_10.0.58"
}
]
}
}
]
},
"vendor_name": "NETGEAR"
}
]
}
},
"credit": "d4rkn3ss from VNPT ISC",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-9768."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-680: Integer Overflow to Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-709/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-709/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2020-10929",
"datePublished": "2020-07-28T17:10:38",
"dateReserved": "2020-03-24T00:00:00",
"dateUpdated": "2024-08-04T11:21:12.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11038 (GCVE-0-2020-11038)
Vulnerability from cvelistv5
Published
2020-05-29 00:00
Modified
2024-08-04 11:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-680 - Integer Overflow to Buffer Overflow
Summary
In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previously allocated buffer. This has been patched in 2.1.0.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6g"
},
{
"name": "openSUSE-SU-2020:1090",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html"
},
{
"name": "[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeRDP",
"vendor": "FreeRDP",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previously allocated buffer. This has been patched in 2.1.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680: Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-07T20:06:56.117877",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6g"
},
{
"name": "openSUSE-SU-2020:1090",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html"
},
{
"name": "[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
}
],
"source": {
"advisory": "GHSA-h25x-cqr6-fp6g",
"discovery": "UNKNOWN"
},
"title": "Integer Overflow to Buffer Overflow in FreeRDP"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-11038",
"datePublished": "2020-05-29T00:00:00",
"dateReserved": "2020-03-30T00:00:00",
"dateUpdated": "2024-08-04T11:21:14.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13576 (GCVE-0-2020-13576)
Vulnerability from cvelistv5
Published
2021-02-10 00:00
Modified
2024-08-04 12:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-680 - Integer Overflow to Buffer Overflow
Summary
A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1187"
},
{
"name": "FEDORA-2021-faea36a9c3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMTJ3SJJ22SFLBLPKFADV7NVBH7UFA23/"
},
{
"name": "FEDORA-2021-1da151722e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JINMAJB4WQASTKTNSPQL3V7YMSYPKIA2/"
},
{
"name": "[debian-lts-announce] 20240229 [SECURITY] [DLA 3745-1] gsoap security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00015.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Genivia",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Genivia gSOAP 2.8.107"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680: Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-01T01:06:14.238643",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1187"
},
{
"name": "FEDORA-2021-faea36a9c3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMTJ3SJJ22SFLBLPKFADV7NVBH7UFA23/"
},
{
"name": "FEDORA-2021-1da151722e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JINMAJB4WQASTKTNSPQL3V7YMSYPKIA2/"
},
{
"name": "[debian-lts-announce] 20240229 [SECURITY] [DLA 3745-1] gsoap security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00015.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2020-13576",
"datePublished": "2021-02-10T00:00:00",
"dateReserved": "2020-05-26T00:00:00",
"dateUpdated": "2024-08-04T12:25:16.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
CAPEC-10: Buffer Overflow via Environment Variables
This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the adversary finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
CAPEC-100: Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an adversary. As a consequence, an adversary is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the adversaries' choice.
CAPEC-14: Client-side Injection-induced Buffer Overflow
This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service. This hostile service is created to deliver the correct content to the client software. For example, if the client-side application is a browser, the service will host a webpage that the browser loads.
CAPEC-24: Filter Failure through Buffer Overflow
In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
CAPEC-45: Buffer Overflow via Symbolic Links
This type of attack leverages the use of symbolic links to cause buffer overflows. An adversary can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
CAPEC-46: Overflow Variables and Tags
This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The adversary crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
CAPEC-47: Buffer Overflow via Parameter Expansion
In this attack, the target software is given input that the adversary knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
CAPEC-67: String Format Overflow in syslog()
This attack targets applications and software that uses the syslog() function insecurely. If an application does not explicitely use a format string parameter in a call to syslog(), user input can be placed in the format string parameter leading to a format string injection attack. Adversaries can then inject malicious format string commands into the function call leading to a buffer overflow. There are many reported software vulnerabilities with the root cause being a misuse of the syslog() function.
CAPEC-8: Buffer Overflow in an API Call
This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An adversary who has knowledge of known vulnerable libraries or shared code can easily target software that makes use of these libraries. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
CAPEC-9: Buffer Overflow in Local Command-Line Utilities
This attack targets command-line utilities available in a number of shells. An adversary can leverage a vulnerability found in a command-line utility to escalate privilege to root.
CAPEC-92: Forced Integer Overflow
This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.