Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-39350

Опубликовано: 31 авг. 2023
Источник: nvd
CVSS3: 5.9
CVSS3: 7.5
EPSS Низкий

Описание

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to WINPR_ASSERT with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*
Версия до 2.11.0 (исключая)
cpe:2.3:a:freerdp:freerdp:3.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:freerdp:freerdp:3.0.0:beta2:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

EPSS

Процентиль: 65%
0.00505
Низкий

5.9 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-191
CWE-191

Связанные уязвимости

ubuntu логотип

CVE-2023-39350

CVSS3: 5.9
ubuntu
почти 2 года назад

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

redhat логотип

CVE-2023-39350

CVSS3: 7.5
redhat
почти 2 года назад

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

debian логотип

CVE-2023-39350

CVSS3: 5.9
debian
почти 2 года назад

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...

fstec логотип

BDU:2023-05079

CVSS3: 5.9
fstec
почти 2 года назад

Уязвимость RDP-клиента FreeRDP, связанная с целочисленным переполнением, позволяющая нарушителю вызвать отказ в обслуживании

oracle-oval логотип

ELSA-2024-2208

oracle-oval
больше 1 года назад

ELSA-2024-2208: freerdp security update (MODERATE)

EPSS

Процентиль: 65%
0.00505
Низкий

5.9 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-191
CWE-191