CVE-2021-41159

Published: 21 Oct 2021
Source: debian
EPSS: Low

Description

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than /gt:rdp connections if possible or use a direct connection without a gateway.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| freerdp2 | fixed | 2.4.1+dfsg1-1 | | package |
| freerdp2 | ignored | | bullseye | package |
| freerdp2 | ignored | | buster | package |
| freerdp | removed | | | package |

Notes

  • https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vh34-m9h7-95xq

  • https://github.com/FreeRDP/FreeRDP/commit/d39a7ba5c38e3ba3b99b1558dc2ab0970cbfb0c5 (Stable 2.0 backports)

  • The RFC gateway parsing code has been completely refactored, backporting to 2.3.x is not feasible.

  • https://github.com/FreeRDP/FreeRDP/commit/f0b44da67c09488178000725ff9f2729ccfdf9fe

EPSS

Percentile: 18%
Score: 0.00057
Low

Related vulnerabilities

CVSS3: 5.8
ubuntu
almost 4 years ago

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than /gt:rdp connections if possible or use a direct connection without a gateway.

CVSS3: 8.8
redhat
almost 4 years ago

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than /gt:rdp connections if possible or use a direct connection without a gateway.

CVSS3: 5.8
nvd
almost 4 years ago

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than /gt:rdp connections if possible or use a direct connection without a gateway.

CVSS3: 8.8
fstec
almost 4 years ago

A vulnerability in the FreeRDP implementation of the Remote Desktop Protocol, related to an out-of-bounds buffer write, that allows an attacker to gain access to confidential data, violate its integrity, and cause a denial of service

suse-cvrf
almost 3 years ago

Security update for freerdp