Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-40186

Опубликовано: 31 авг. 2023
Источник: nvd
CVSS3: 6.5
CVSS3: 9.8
EPSS Низкий

Описание

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the gdi_CreateSurface function. This issue affects FreeRDP based clients only. FreeRDP proxies are not affected as image decoding is not done by a proxy. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*
Версия до 2.11.0 (исключая)
cpe:2.3:a:freerdp:freerdp:3.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:freerdp:freerdp:3.0.0:beta2:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

EPSS

Процентиль: 28%
0.00097
Низкий

6.5 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-190
CWE-190

Связанные уязвимости

ubuntu логотип

CVE-2023-40186

CVSS3: 6.5
ubuntu
почти 2 года назад

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the `gdi_CreateSurface` function. This issue affects FreeRDP based clients only. FreeRDP proxies are not affected as image decoding is not done by a proxy. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.

redhat логотип

CVE-2023-40186

CVSS3: 7.5
redhat
почти 2 года назад

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the `gdi_CreateSurface` function. This issue affects FreeRDP based clients only. FreeRDP proxies are not affected as image decoding is not done by a proxy. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.

debian логотип

CVE-2023-40186

CVSS3: 6.5
debian
почти 2 года назад

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...

fstec логотип

BDU:2023-05071

CVSS3: 6.5
fstec
почти 2 года назад

Уязвимость функции gdi_CreateSurface() RDP-клиента FreeRDP, позволяющая нарушителю вызвать отказ в обслуживании

oracle-oval логотип

ELSA-2024-2208

oracle-oval
больше 1 года назад

ELSA-2024-2208: freerdp security update (MODERATE)

EPSS

Процентиль: 28%
0.00097
Низкий

6.5 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-190
CWE-190