CVE-2019-17177 - OpenCVE

libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Opensuse	Leap
Freerdp	Freerdp

Configuration 1 [-]

OR	cpe:2.3:a:freerdp:freerdp::::::::
	cpe:2.3:a:freerdp:freerdp:1.1.0:beta::::::
	cpe:2.3:a:freerdp:freerdp:1.1.0:beta1::::::
	cpe:2.3:a:freerdp:freerdp:2.0.0:beta1::::::
	cpe:2.3:a:freerdp:freerdp:2.0.0:rc0::::::
	cpe:2.3:a:freerdp:freerdp:2.0.0:rc1::::::
	cpe:2.3:a:freerdp:freerdp:2.0.0:rc2::::::
	cpe:2.3:a:freerdp:freerdp:2.0.0:rc3::::::
	cpe:2.3:a:freerdp:freerdp:2.0.0:rc4::::::

Configuration 2 [-]

OR	cpe:2.3:o:opensuse:leap:15.0:::::::*
	cpe:2.3:o:opensuse:leap:15.1:::::::*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00004.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00005.html	Third Party Advisory
https://github.com/FreeRDP/FreeRDP/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a	Patch Vendor Advisory
https://github.com/FreeRDP/FreeRDP/issues/5645	Third Party Advisory
https://security.gentoo.org/glsa/202005-07	Third Party Advisory
https://usn.ubuntu.com/4379-1/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-10-04T16:57:40

Updated: 2020-10-08T19:30:13

Reserved: 2019-10-04T00:00:00

Link: CVE-2019-17177

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-10-04T17:15:10.003

Modified: 2021-07-21T11:39:23.747

Link: CVE-2019-17177

JSON object: View

Redhat Information

No data.

CWE

CWE-401

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-08T19:30:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/FreeRDP/FreeRDP/issues/5645"}, {"name": "openSUSE-SU-2019:2604", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00004.html"}, {"name": "openSUSE-SU-2019:2608", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00005.html"}, {"name": "GLSA-202005-07", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202005-07"}, {"name": "USN-4379-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4379-1/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/FreeRDP/FreeRDP/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-17177", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/FreeRDP/FreeRDP/issues/5645", "refsource": "MISC", "url": "https://github.com/FreeRDP/FreeRDP/issues/5645"}, {"name": "openSUSE-SU-2019:2604", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00004.html"}, {"name": "openSUSE-SU-2019:2608", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00005.html"}, {"name": "GLSA-202005-07", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202005-07"}, {"name": "USN-4379-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4379-1/"}, {"name": "https://github.com/FreeRDP/FreeRDP/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a", "refsource": "MISC", "url": "https://github.com/FreeRDP/FreeRDP/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-17177", "datePublished": "2019-10-04T16:57:40", "dateReserved": "2019-10-04T00:00:00", "dateUpdated": "2020-10-08T19:30:13", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*", "matchCriteriaId": "F437CAE0-7C2D-441D-8122-6E621F5D1DA4", "versionEndIncluding": "1.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:freerdp:freerdp:1.1.0:beta:*:*:*:*:*:*", "matchCriteriaId": "848192C5-86DA-4CEE-B5BA-50739D48042C", "vulnerable": true}, {"criteria": "cpe:2.3:a:freerdp:freerdp:1.1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "C041C9F2-173A-41F4-B965-EA75FF949914", "vulnerable": true}, {"criteria": "cpe:2.3:a:freerdp:freerdp:2.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "713589FE-376E-4E66-8282-66324EDF8264", "vulnerable": true}, {"criteria": "cpe:2.3:a:freerdp:freerdp:2.0.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "C9D8EB00-9004-4493-BC51-E8E1E0F5B83A", "vulnerable": true}, {"criteria": "cpe:2.3:a:freerdp:freerdp:2.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F226993C-3AB8-4F86-8591-40CAAC8DD73E", "vulnerable": true}, {"criteria": "cpe:2.3:a:freerdp:freerdp:2.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "985D90BF-3B2B-4A3C-B698-DBCB0241B95B", "vulnerable": true}, {"criteria": "cpe:2.3:a:freerdp:freerdp:2.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "7C4656D2-EEC4-4871-BA0F-76F760526B1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:freerdp:freerdp:2.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "72638FED-C111-4E4E-B32F-B040F744F5D7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value."}, {"lang": "es", "value": "El archivo libfreerdp/codec/region.c en FreeRDP versiones hasta 1.1.x y versiones 2.x hasta 2.0.0-rc4, presenta p\u00e9rdidas de memoria porque un puntero realloc suministrado (es decir, el primer argumento para realloc) tambi\u00e9n es usado para un valor de retorno realloc."}], "id": "CVE-2019-17177", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-04T17:15:10.003", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00004.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00005.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/FreeRDP/FreeRDP/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/FreeRDP/FreeRDP/issues/5645"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202005-07"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4379-1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}