CVE-2017-2834

Published: 27 July 2017

An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle attack to trigger this vulnerability.

Priority

Medium

CVSS 3 base score: 7.0

Status

Package Release Status
freerdp
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 16.04 ESM (Xenial Xerus)
Released (1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not present])
Patches:
Upstream: https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c (1.1)