Описание
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send 0
width/height or out of bound rectangles to trigger out of bound writes. With 0
width or heigth the memory allocation will be 0
but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1.
A flaw was found in the FreeRDP client where it fails to validate input data when using connections with GDI or SurfaceCommands. This flaw could allow a malicious server sending graphics updates to a client to cause an out of bounds write in client memory using a specially crafted input. The highest threat from this flaw is that it could allow arbitrary code to be executed on the target system.
Затронутые пакеты
Платформа | Пакет | Состояние | Рекомендация | Релиз |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | freerdp | Not affected | ||
Red Hat Enterprise Linux 9 | freerdp | Not affected | ||
Red Hat Enterprise Linux 7 | freerdp | Fixed | RHSA-2021:4619 | 11.11.2021 |
Red Hat Enterprise Linux 8 | freerdp | Fixed | RHSA-2021:4622 | 11.11.2021 |
Red Hat Enterprise Linux 8.1 Extended Update Support | freerdp | Fixed | RHSA-2021:4620 | 11.11.2021 |
Red Hat Enterprise Linux 8.2 Extended Update Support | freerdp | Fixed | RHSA-2021:4621 | 11.11.2021 |
Red Hat Enterprise Linux 8.4 Extended Update Support | freerdp | Fixed | RHSA-2021:4623 | 11.11.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
8.8 High
CVSS3
Связанные уязвимости
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1.
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1.
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...
Уязвимость реализации протокола удалённого рабочего стола FreeRDP, связанная с записью за границами буфера, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
EPSS
8.8 High
CVSS3