Vulnerability CVE-2013-4118

Vulnerability Name:

CVE-2013-4118 (CCN-87579)

Assigned:

2013-09-11

Published:

2013-09-11

Updated:

2020-03-06

Summary:

FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-476

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2013-4118

Source: SUSE
Type: Third Party Advisory
openSUSE-SU-2016:2400

Source: SUSE
Type: Third Party Advisory
openSUSE-SU-2016:2402

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20130711 Re: CVE Request -- FreeRDP: Multiple security fixes in 1.1.0-beta1 version

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20130712 Re: CVE Request -- FreeRDP: Multiple security fixes in 1.1.0-beta1 version

Source: BID
Type: Third Party Advisory, VDB Entry
61072

Source: CCN
Type: BID-61072
FreeRDP Multiple Security Vulnerabilities

Source: CCN
Type: Red Hat Bugzilla Bug 983078
(CVE-2013-4118, CVE-2013-4119) CVE-2013-4118 CVE-2013-4119 freerdp: Multiple security fixes in versions after 1.1.0-beta1

Source: XF
Type: UNKNOWN
freerdp-cve20134118-code-exec(87579)

Source: CCN
Type: FreeRDP GIT Repository
FreeRDP

Source: CONFIRM
Type: Issue Tracking, Patch
https://github.com/FreeRDP/FreeRDP/commit/7d58aac24fe20ffaad7bd9b40c9ddf457c1b06e7

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-4118

Vulnerable Configuration:

Configuration 1:

cpe:/a:freerdp:freerdp:*:*:*:*:*:*:*:* (Version <= 1.0.2)

Configuration 2:

cpe:/o:opensuse:leap:42.1:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:freerdp:freerdp:1.1.0:-:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20134118	V	CVE-2013-4118	2022-05-20
oval:org.opensuse.security:def:47161	P	sysconfig-0.84.0-13.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47015	P	libecpg6-9.4.9-14.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48019	P	git-core-2.12.3-27.17.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47327	P	libXxf86dga1-1.1.4-3.58 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47225	P	cpio-2.11-35.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47099	P	libyaml-0-2-0.1.6-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47965	P	bluez-5.13-5.12.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47256	P	freeradius-server-3.0.14-1.8 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:11535	P	freerdp-1.0.2-7.9 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11737	P	wdiff-1.2.1-3.64 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12486	P	icu-52.1-8.7.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17139	P	libwebkit2gtk-3_0-25-2.4.8-16.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11643	P	libraw9-0.15.4-3.88 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11826	P	grub2-2.02~beta2-104.16 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17038	P	telepathy-idle-0.2.0-1.62 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46654	P	fetchmail-6.3.26-5.18 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11581	P	libXinerama1-1.1.3-3.55 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11804	P	file-5.19-9.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11762	P	augeas-1.2.0-10.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17161	P	empathy-3.12.12-7.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46431	P	gpg2-2.0.24-1.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11513	P	cups-pk-helper-0.2.5-3.75 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11505	P	colord-1.1.7-5.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11662	P	libvorbis0-1.3.3-8.23 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12464	P	gnome-shell-search-provider-nautilus-3.20.3-23.6.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17127	P	libpcsclite1-32bit-1.8.10-3.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17070	P	libpcsclite1-32bit-1.8.10-3.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46801	P	openssh-6.6p1-29.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11628	P	libopenssl0_9_8-0.9.8j-81.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11813	P	gdm-3.10.0.1-52.5 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46563	P	python-libxml2-2.9.1-6.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16861	P	libotr-devel-4.0.0-9.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16719	P	evolution-devel-3.22.6-19.9.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16892	P	libsrtp-devel-1.5.2-3.2.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16804	P	libcroco-0.6.11-12.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16685	P	alsa-devel-1.0.27.2-15.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16677	P	FastCGI-2.4.0-168.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16928	P	mozilla-nspr-devel-4.21-19.9.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:24610	P	Security update for ucode-intel (Moderate)	2020-12-01
oval:org.opensuse.security:def:25120	P	Security update for openwsman (Important)	2020-12-01
oval:org.opensuse.security:def:25033	P	Security update for openssl-1_0_0 (Moderate)	2020-12-01
oval:org.opensuse.security:def:52947	P	Security update for libepubgen, liblangtag, libmwaw, libnumbertext, libreoffice, libstaroffice, libwps, myspell-dictionaries, xmlsec1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:53626	P	Security update for java-11-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:54470	P	ft2demos on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:46239	P	Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP3) (Important)	2020-12-01
oval:org.opensuse.security:def:24421	P	Security update for sqlite3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:24411	P	Security update for wpa_supplicant (Moderate)	2020-12-01
oval:org.opensuse.security:def:24830	P	Security update for librsvg (Moderate)	2020-12-01
oval:org.opensuse.security:def:25816	P	Security update for libqt4 (Moderate)	2020-12-01
oval:org.opensuse.security:def:53347	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:54351	P	perl-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54185	P	e2fsprogs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:46106	P	Security update for freetype2 (Important)	2020-12-01
oval:org.opensuse.security:def:17825	P	Security update for freerdp (Moderate)	2020-12-01
oval:org.opensuse.security:def:24691	P	Security update for ntp (Moderate)	2020-12-01
oval:org.opensuse.security:def:25134	P	Security update for apache2 (Important)	2020-12-01
oval:org.opensuse.security:def:52969	P	Security update for php7 (Important)	2020-12-01
oval:org.opensuse.security:def:52946	P	Security update for ffmpeg (Moderate)	2020-12-01
oval:org.opensuse.security:def:53792	P	Security update for libreoffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:55746	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:24484	P	Security update for spamassassin (Important)	2020-12-01
oval:org.opensuse.security:def:24980	P	Security update for ucode-intel (Important)	2020-12-01
oval:org.opensuse.security:def:25851	P	Security update for freerdp (Moderate)	2020-12-01
oval:org.opensuse.security:def:53520	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:54389	P	tcpdump on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:46119	P	Security update for systemd (Important)	2020-12-01
oval:org.opensuse.security:def:46105	P	Security update for libproxy (Important)	2020-12-01
oval:org.opensuse.security:def:24747	P	Security update for jasper (Low)	2020-12-01
oval:org.opensuse.security:def:25178	P	Security update for Mesa (Moderate)	2020-12-01
oval:org.opensuse.security:def:53109	P	Security update for python-requests (Moderate)	2020-12-01
oval:org.opensuse.security:def:54277	P	libjson-c2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54077	P	libxerces-c-3_1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55820	P	Security update for freerdp (Moderate)	2020-12-01
oval:org.opensuse.security:def:17799	P	Security update for libtcnative-1-0 (Moderate)	2020-12-01
oval:org.opensuse.security:def:78454	P	Security update for freerdp (Moderate)	2016-10-12
oval:com.ubuntu.precise:def:20134118000	V	CVE-2013-4118 on Ubuntu 12.04 LTS (precise) - medium.	2016-10-03

BACK