Teradici PCoIP Agent DoS via Null Pointer Dereference

Advisory Information

  • Advisory ID: TERA-SA-000079
  • CVE Numbers and Scores:
  • Published: 11 May 2021
  • Last Updated: 11 May 2021
  • Download PDF

Summary

An attacker may cause a Denial of Service (DoS) in Teradici PCoIP Agent via a Null Pointer Dereference.

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.


Affected Products

  • Teradici PCoIP Agent 21.01 prior to 21.01.5
  • Teradici PCoIP Agent 21.03 prior to 21.03.1
  • Teradici PCoIP Agent 20.10 prior to 20.10.6

Solutions and Mitigations

Available Updates

Update to the latest version here - Teradici Cloud Access Software

Vulnerability Details

Acknowledgements

Thanks to Michael Fowl and the team at VDA Labs for discovering this one.

CVE-2021-25693

An attacker may cause a Denial of Service (DoS) in Teradici PCoIP CAS Agent via a Null Pointer Dereference.

Remark

Vulnerability classification has been performed using the CVSSv3 scoring system. The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.


Additional Resources


Revision History

11 May 2021: Initial Publication


Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. TERADICI RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.