HP patches critical bugs in Teradici PCoIP software

Users are advised to patch their installations of the HP-acquired Teradici PC-over-IP remote desktop software that the company boasts is used by over 15 million endpoints, as it contains critical denial of service vulnerabilities.

Three bugs are rated as 9.8 out of 10.0 on the Common Vulnerabilities Scoring System (CVSS) version 3.1 scale.

They affect the open source libexpat streaming extended markup language parser, which is multiplatform and runs on Windows, macOS and Linux distributions.

Attackers exploiting an integer overflow bug can cause "uncontrolled resource consumption", HP said.

This arose because of an integer overflow, which caused problems if a calculation was "used for resource management or execution control", the advisory said.

On top of the three critical vulnerabilities, HP has released patches for five others with 7.8 and 8.8 severity rating.

A total of 11 client software development kits and operating system agents require updating, HP advised.

Two other vulnerabilities, rated as high and medium severity, also affect the HP Teradici PCoIP client and should be patched.

The flaws were found through the Black Duck open source auditing scanner, HP said.

HP acquired Teradici in October last year.