Описание
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and step_index values from input data. This vulnerability is fixed in 3.24.0.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| freerdp3 | fixed | 3.24.0+dfsg-1 | package | |
| freerdp2 | removed | package |
Примечания
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h23r-3988-3wf3
Fixed by: https://github.com/FreeRDP/FreeRDP/commit/16df2300e1e3f5a51f68fb1626429e58b531b7c8 (3.24.0)
EPSS
Связанные уязвимости
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and step_index values from input data. This vulnerability is fixed in 3.24.0.
An out of bounds read flaw has been discovered in FreeRDP. This out-of-bounds read exists in the MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and step_index values from input data. An attacker may be able to leverage this weakness to leak global data.
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and step_index values from input data. This vulnerability is fixed in 3.24.0.
EPSS