Описание
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color. This has been patched in 2.1.0.
Меры по смягчению последствий
The flaw can be mitigated by not running the freerdp client with the /gfx connection modes and/or not connecting to untrusted or compromised rdp servers.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | freerdp | Out of support scope | ||
| Red Hat Enterprise Linux 7 | freerdp | Fixed | RHSA-2020:4031 | 29.09.2020 |
| Red Hat Enterprise Linux 8 | freerdp | Fixed | RHSA-2020:4647 | 04.11.2020 |
| Red Hat Enterprise Linux 8 | vinagre | Fixed | RHSA-2020:4647 | 04.11.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
2.7 Low
CVSS3
Связанные уязвимости
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color. This has been patched in 2.1.0.
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color. This has been patched in 2.1.0.
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data ...
Уязвимость функции clear_decompress_subcode_rlex реализации протокола удалённого рабочего стола FreeRDP, позволяющая нарушителю вызвать отказ в обслуживании
Moderate: freerdp and vinagre security, bug fix, and enhancement update
EPSS
2.7 Low
CVSS3