Описание
In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallel_process_irp_create, serial_process_irp_create, drive_process_irp_write, printer_process_irp_write, rdpei_recv_pdu, serial_process_irp_write). This has been fixed in 2.1.0.
Меры по смягчению последствий
The vulnerability is associated with the use of the command line options: /drive, +multitouch, /paralell, /printer, and /servial. To mitigate this vulnerability, do not use these commands.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | freerdp | Out of support scope | ||
| Red Hat Enterprise Linux 7 | freerdp | Fixed | RHSA-2020:4031 | 29.09.2020 |
| Red Hat Enterprise Linux 8 | freerdp | Fixed | RHSA-2020:4647 | 04.11.2020 |
| Red Hat Enterprise Linux 8 | vinagre | Fixed | RHSA-2020:4647 | 04.11.2020 |
Показывать по
Дополнительная информация
Статус:
5.5 Medium
CVSS3
Связанные уязвимости
In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallel_process_irp_create, serial_process_irp_create, drive_process_irp_write, printer_process_irp_write, rdpei_recv_pdu, serial_process_irp_write). This has been fixed in 2.1.0.
In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallel_process_irp_create, serial_process_irp_create, drive_process_irp_write, printer_process_irp_write, rdpei_recv_pdu, serial_process_irp_write). This has been fixed in 2.1.0.
In FreeRDP before 2.1.0, there is an out-of-bound read in irp function ...
Уязвимость irp-функций реализации протокола удалённого рабочего стола FreeRDP, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Moderate: freerdp and vinagre security, bug fix, and enhancement update
5.5 Medium
CVSS3