CVE-2018-8789

Source
https://cve.org/CVERecord?id=CVE-2018-8789
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-8789.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-8789
Downstream
Related
Published
2018-11-29T18:29:01.053Z
Modified
2026-07-08T18:16:20.986631Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault).

Database specific
{
    "unresolved_ranges": [
        {
            "cpes": [
                "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "freerdp:freerdp",
            "extracted_events": [
                {
                    "last_affected": "1.2.0"
                }
            ],
            "source": "CPE_RANGE"
        },
        {
            "cpes": [
                "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"
            ],
            "vendor_product": "canonical:ubuntu_linux",
            "extracted_events": [
                {
                    "introduced": "14.04"
                },
                {
                    "last_affected": "14.04"
                },
                {
                    "introduced": "16.04"
                },
                {
                    "last_affected": "16.04"
                },
                {
                    "introduced": "18.04"
                },
                {
                    "last_affected": "18.04"
                },
                {
                    "introduced": "18.10"
                },
                {
                    "last_affected": "18.10"
                }
            ],
            "source": "CPE_STRING"
        },
        {
            "cpes": [
                "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "debian:debian_linux",
            "extracted_events": [
                {
                    "introduced": "8.0"
                },
                {
                    "last_affected": "8.0"
                }
            ],
            "source": "CPE_STRING"
        }
    ]
}
References

Affected packages

Git / github.com/freerdp/freerdp

Affected ranges

Type
GIT
Repo
https://github.com/freerdp/freerdp
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:freerdp:freerdp:2.0.0:rc1:*:*:*:*:*:*",
        "cpe:2.3:a:freerdp:freerdp:2.0.0:rc2:*:*:*:*:*:*",
        "cpe:2.3:a:freerdp:freerdp:2.0.0:rc3:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "2.0.0-rc1"
        },
        {
            "last_affected": "2.0.0-rc1"
        },
        {
            "introduced": "2.0.0-rc2"
        },
        {
            "last_affected": "2.0.0-rc2"
        },
        {
            "introduced": "2.0.0-rc3"
        },
        {
            "last_affected": "2.0.0-rc3"
        }
    ],
    "source": [
        "CPE_STRING",
        "REFERENCES"
    ]
}

Affected versions

2.*
2.0.0-rc1
2.0.0-rc2
2.0.0-rc3

Database specific

vanir_signatures
[
    {
        "digest": {
            "function_hash": "104666998909858465077127195473671038048",
            "length": 166.0
        },
        "target": {
            "function": "ntlm_write_message_header",
            "file": "winpr/libwinpr/sspi/NTLM/ntlm_message.c"
        },
        "id": "CVE-2018-8789-058ee239",
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/freerdp/freerdp/commit/2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6",
        "deprecated": false
    },
    {
        "digest": {
            "function_hash": "170710971707607590783363297821836205900",
            "length": 205.0
        },
        "target": {
            "function": "ntlm_free_message_fields_buffer",
            "file": "winpr/libwinpr/sspi/NTLM/ntlm_message.c"
        },
        "id": "CVE-2018-8789-2a259ec6",
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/freerdp/freerdp/commit/2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6",
        "deprecated": false
    },
    {
        "digest": {
            "function_hash": "283843652711872419912044124972920986301",
            "length": 154.0
        },
        "target": {
            "function": "ntlm_populate_message_header",
            "file": "winpr/libwinpr/sspi/NTLM/ntlm_message.c"
        },
        "id": "CVE-2018-8789-2e3f0579",
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/freerdp/freerdp/commit/2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6",
        "deprecated": false
    },
    {
        "digest": {
            "function_hash": "216458904940794659093048359955489533779",
            "length": 226.0
        },
        "target": {
            "function": "ntlm_read_message_fields",
            "file": "winpr/libwinpr/sspi/NTLM/ntlm_message.c"
        },
        "id": "CVE-2018-8789-3d0a6a25",
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/freerdp/freerdp/commit/2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6",
        "deprecated": false
    },
    {
        "digest": {
            "function_hash": "227272114302109720051846611850339263089",
            "length": 297.0
        },
        "target": {
            "function": "ntlm_print_message_fields",
            "file": "winpr/libwinpr/sspi/NTLM/ntlm_message.c"
        },
        "id": "CVE-2018-8789-3e03cc66",
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/freerdp/freerdp/commit/2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6",
        "deprecated": false
    },
    {
        "digest": {
            "function_hash": "79989285417187504712620478628419143651",
            "length": 287.0
        },
        "target": {
            "function": "ntlm_read_message_header",
            "file": "winpr/libwinpr/sspi/NTLM/ntlm_message.c"
        },
        "id": "CVE-2018-8789-435e63a0",
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/freerdp/freerdp/commit/2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6",
        "deprecated": false
    },
    {
        "digest": {
            "function_hash": "330687294269170097786740306995284855654",
            "length": 366.0
        },
        "target": {
            "function": "ntlm_read_message_fields_buffer",
            "file": "winpr/libwinpr/sspi/NTLM/ntlm_message.c"
        },
        "id": "CVE-2018-8789-5479e757",
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/freerdp/freerdp/commit/2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6",
        "deprecated": false
    },
    {
        "digest": {
            "function_hash": "173110592803849705728268197453211253761",
            "length": 179.0
        },
        "target": {
            "function": "ntlm_write_message_fields_buffer",
            "file": "winpr/libwinpr/sspi/NTLM/ntlm_message.c"
        },
        "id": "CVE-2018-8789-70826ef2",
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/freerdp/freerdp/commit/2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6",
        "deprecated": false
    },
    {
        "digest": {
            "function_hash": "270777398848695346094829189835817021072",
            "length": 232.0
        },
        "target": {
            "function": "ntlm_write_message_fields",
            "file": "winpr/libwinpr/sspi/NTLM/ntlm_message.c"
        },
        "id": "CVE-2018-8789-71db47ec",
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/freerdp/freerdp/commit/2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6",
        "deprecated": false
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "141388096029824229107258550406043917158",
                "190381604198957738224615821904871198816",
                "107472011250675843518337461985410453668",
                "331657587905935938375928408124442702365",
                "294933032372482990280748369613247204181",
                "257299346344913977102996256675409972028",
                "326533349057509587644257562962924979813",
                "288220213863572331025000392570149192136",
                "320422840755663457233989205783420236795",
                "72000167384395992132114718759336864713",
                "134520156972828202007209773547494507962",
                "224485915753400266215066766221479310924",
                "278027235894386815449509789099664286242",
                "237779382959456724208502170486875097488",
                "175712396941016635511519837515906449920",
                "323175446857894556215237070598178406542",
                "280099474914777847042906139552064963937",
                "126147951973595458915084138453863604080",
                "94243000257200106645124783253277634325",
                "57356964325644180767956680465074050366",
                "295733755374876150530365560171671275797",
                "197218410595583638667719244783813296207",
                "275837846088023751954566886446380264501",
                "158292710558326824696219635057138516273",
                "14187902352233405405689005472155043846",
                "30761050056529296441160300875491919331",
                "57678404627833274032894164970895703648",
                "286405008913403208215458626518378822318",
                "317873073681882337630457940006601050610",
                "30522712860483800440740391271894874517",
                "230905932345515611423920906348374256119",
                "56506130904988361277835373318002353398",
                "93282956823528385495003637186796287285",
                "273075007549549054288273079153090172423",
                "250126465286811355096668887674986024217",
                "103917916208501266416136027903653871419",
                "86283449482104195398886800675729523542",
                "274204957841935652757746360191395365760",
                "258094129583314623248906007764725294860",
                "74818200391575424598381810720983480611",
                "180402389028844245743152125932673243213",
                "161477785166185900976576829104618949833",
                "258473084281935068844384514057278756772",
                "86901371115714568833490039928028219431",
                "234469747823974058129348078647458644448",
                "38778876087778001309056396153912066779"
            ]
        },
        "target": {
            "file": "winpr/libwinpr/sspi/NTLM/ntlm_message.c"
        },
        "id": "CVE-2018-8789-c373971f",
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/freerdp/freerdp/commit/2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6",
        "deprecated": false
    },
    {
        "digest": {
            "function_hash": "19375029799383113552940580250917110217",
            "length": 306.0
        },
        "target": {
            "function": "ntlm_print_negotiate_flags",
            "file": "winpr/libwinpr/sspi/NTLM/ntlm_message.c"
        },
        "id": "CVE-2018-8789-f2a8a60d",
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/freerdp/freerdp/commit/2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6",
        "deprecated": false
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-8789.json"
vanir_signatures_modified
"2026-07-08T18:16:20Z"