fkie_nvd - fkie_cve-2019-17177

fkie_cve-2019-17177

Vulnerability from fkie_nvd

Published

2019-10-04 17:15

Modified

2024-11-21 04:31

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00004.html	Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00005.html	Third Party Advisory
cve@mitre.org	https://github.com/FreeRDP/FreeRDP/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a	Patch, Vendor Advisory
cve@mitre.org	https://github.com/FreeRDP/FreeRDP/issues/5645	Third Party Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202005-07	Third Party Advisory
cve@mitre.org	https://usn.ubuntu.com/4379-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00004.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00005.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/FreeRDP/FreeRDP/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/FreeRDP/FreeRDP/issues/5645	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202005-07	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4379-1/	Third Party Advisory

Impacted products

Vendor	Product	Version
freerdp	freerdp	*
freerdp	freerdp	1.1.0
freerdp	freerdp	1.1.0
freerdp	freerdp	2.0.0
freerdp	freerdp	2.0.0
freerdp	freerdp	2.0.0
freerdp	freerdp	2.0.0
freerdp	freerdp	2.0.0
freerdp	freerdp	2.0.0
opensuse	leap	15.0
opensuse	leap	15.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F437CAE0-7C2D-441D-8122-6E621F5D1DA4",
              "versionEndIncluding": "1.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freerdp:freerdp:1.1.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "848192C5-86DA-4CEE-B5BA-50739D48042C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freerdp:freerdp:1.1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "C041C9F2-173A-41F4-B965-EA75FF949914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freerdp:freerdp:2.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "713589FE-376E-4E66-8282-66324EDF8264",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freerdp:freerdp:2.0.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "C9D8EB00-9004-4493-BC51-E8E1E0F5B83A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freerdp:freerdp:2.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F226993C-3AB8-4F86-8591-40CAAC8DD73E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freerdp:freerdp:2.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "985D90BF-3B2B-4A3C-B698-DBCB0241B95B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freerdp:freerdp:2.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7C4656D2-EEC4-4871-BA0F-76F760526B1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freerdp:freerdp:2.0.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "72638FED-C111-4E4E-B32F-B040F744F5D7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value."
    },
    {
      "lang": "es",
      "value": "El archivo libfreerdp/codec/region.c en FreeRDP versiones hasta 1.1.x y versiones 2.x hasta 2.0.0-rc4, presenta p\u00e9rdidas de memoria porque un puntero realloc suministrado (es decir, el primer argumento para realloc) tambi\u00e9n es usado para un valor de retorno realloc."
    }
  ],
  "id": "CVE-2019-17177",
  "lastModified": "2024-11-21T04:31:48.073",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-04T17:15:10.003",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00005.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://github.com/FreeRDP/FreeRDP/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/FreeRDP/FreeRDP/issues/5645"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202005-07"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4379-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://github.com/FreeRDP/FreeRDP/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/FreeRDP/FreeRDP/issues/5645"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202005-07"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4379-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-401"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2019-17177

Vulnerability from cvelistv5

Published

2019-10-04 16:57

Modified

2024-08-05 01:33