Description
In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2.
Report
Although the vulnerable code could have been in versions of freerdp shipped with Red Hat Enterprise Linux 7 and 8, the build configuration disables the shadow-server functionality and thus the vulnerable code is not shipped. Therefore, versions of freerdp shipped with Red Hat Enterprise Linux 7 and 8 are not affected. The version of freerdp shipped with Red Hat Enterprise Linux 6 does not contain the vulnerable code in the first place.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | freerdp | Not affected | | |
| Red Hat Enterprise Linux 7 | freerdp | Not affected | | |
| Red Hat Enterprise Linux 8 | freerdp | Not affected | | |
Additional information
Status:
5.1 Medium
CVSS3
Related vulnerabilities
In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2.
In FreeRDP before version 2.1.2, there is a use-after-free in gdi_Sele ...
A vulnerability in the gdi_SelectObject component of the FreeRDP remote desktop protocol implementation that allows an attacker to cause a denial of service
5.1 Medium
CVSS3