Soft Client Out of Bounds Write

Advisory Information

  • Advisory ID: TERA-SA-000075
  • CVE Numbers and Scores:
  • Published: 9 Feb. 2021
  • Last Updated: 9 Feb. 2021
  • Download PDF

Summary

An out of bounds write in Teradici PCoIP soft client versions  prior to version 20.10.1 could allow an attacker to remotely execute code.


Affected Products

  • PCoIP Soft Client for Windows 20.10.0 and earlier
  • PCoIP Soft Client for Linux 20.10.0 and earlier
  • PCoIP Soft Client for OSX 20.10.0 and earlier

Solutions and Mitigations

Available Updates

https://docs.teradici.com/find/product/software-and-mobile-clients

Vulnerability Details

Acknowledgements

Thanks to Michael Fowl and the team and VDA Labs for their help with discovery.

CVE-2021-25689

An out of bounds write in Teradici PCoIP soft client versions  prior to version 20.10.1 could allow an attacker to remotely execute code.

Remark

Vulnerability classification has been performed using the CVSSv3 scoring system. The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.


Additional Resources

  • https://docs.teradici.com/find/product/software-and-mobile-clients

Revision History

9 Feb. 2021: Initial Publication


Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. TERADICI RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.