Описание
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (/gt:rpc) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use /gt:http rather than /gt:rdp connections if possible or use a direct connection without a gateway.
A flaw was found in the FreeRDP client when it fails to validate input data when using gateway connections. This flaw could allow a malicious gateway to send a specially crafted input to a client leading to an out of bounds write in client memory. The highest threat from this flaw is that it could allow arbitrary code to be executed on the target system.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | freerdp | Not affected | ||
| Red Hat Enterprise Linux 9 | freerdp | Not affected | ||
| Red Hat Enterprise Linux 7 | freerdp | Fixed | RHSA-2021:4619 | 11.11.2021 |
| Red Hat Enterprise Linux 8 | freerdp | Fixed | RHSA-2021:4622 | 11.11.2021 |
| Red Hat Enterprise Linux 8.1 Extended Update Support | freerdp | Fixed | RHSA-2021:4620 | 11.11.2021 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | freerdp | Fixed | RHSA-2021:4621 | 11.11.2021 |
| Red Hat Enterprise Linux 8.4 Extended Update Support | freerdp | Fixed | RHSA-2021:4623 | 11.11.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
8.8 High
CVSS3
Связанные уязвимости
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than /gt:rdp connections if possible or use a direct connection without a gateway.
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than /gt:rdp connections if possible or use a direct connection without a gateway.
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...
Уязвимость реализации протокола удалённого рабочего стола FreeRDP, связанная с записью за границами буфера, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
EPSS
8.8 High
CVSS3