{"id":"CVE-2018-8789","details":"FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault).","modified":"2026-02-24T11:29:49.028364Z","published":"2018-11-29T18:29:01.053Z","related":["MGASA-2019-0012","SUSE-SU-2019:0134-1","SUSE-SU-2019:0539-1","SUSE-SU-2020:2272-1","openSUSE-SU-2019:0325-1","openSUSE-SU-2024:10768-1"],"references":[{"type":"WEB","url":"https://usn.ubuntu.com/3845-2/"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/106938"},{"type":"ADVISORY","url":"https://github.com/FreeRDP/FreeRDP/commit/2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html"},{"type":"ADVISORY","url":"https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3845-1/"},{"type":"FIX","url":"https://github.com/FreeRDP/FreeRDP/commit/2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html"},{"type":"EVIDENCE","url":"https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/freerdp/freerdp","events":[{"introduced":"0"},{"last_affected":"84f8161897534d9263ffebe43092827d40fc7ffb"}]}],"versions":["1.0-beta1","1.0-beta2","1.0-beta3","1.0-beta4","1.0-beta5","1.0.0","1.0.1","1.1.0-beta+2013071101","1.1.0-beta1","1.1.0-beta1+android2","1.1.0-beta1+android3","1.1.0-beta1+android4","1.1.0-beta1+android5","1.1.0-beta1+ios1","1.1.0-beta1+ios2","1.1.0-beta1+ios3","1.1.0-beta1+ios4","1.2.0-beta1+android7","1.2.0-beta1+android9","2.0.0-beta1+android10","2.0.0-beta1+android11","2.0.0-rc0","2.0.0-rc1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-8789.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}