Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-39282

Опубликовано: 13 окт. 2022
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using /parallel command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do not use parallel port redirection (/parallel command line switch) as a workaround.

A vulnerability was found in FreeRDP where clients on UNIX systems using /parallel command line switch might read uninitialized data and send it to the client's server. The vulnerability allows a remote attacker to gain access to sensitive information.

Отчет

FreeRDP based server implementations are not affected.

Меры по смягчению последствий

Workaround: Do not use parallel port redirection (/parallel command line switch)

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6freerdpOut of support scope
Red Hat Enterprise Linux 7freerdpOut of support scope
Red Hat Enterprise Linux 8freerdpFixedRHSA-2023:285116.05.2023
Red Hat Enterprise Linux 9freerdpFixedRHSA-2023:232609.05.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-908
https://bugzilla.redhat.com/show_bug.cgi?id=2134713freerdp: clients using `/parallel` command line switch might read uninitialized data

EPSS

Процентиль: 35%
0.00138
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-39282

CVSS3: 3.5
ubuntu
больше 2 лет назад

FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel` command line switch) as a workaround.

nvd логотип

CVE-2022-39282

CVSS3: 3.5
nvd
больше 2 лет назад

FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel` command line switch) as a workaround.

debian логотип

CVE-2022-39282

CVSS3: 3.5
debian
больше 2 лет назад

FreeRDP is a free remote desktop protocol library and clients. FreeRDP ...

fstec логотип

BDU:2022-06360

CVSS3: 3.5
fstec
больше 2 лет назад

Уязвимость RDP-клиента FreeRDP, связанная с использованием неинициализированного ресурса, позволяющая нарушителю получить доступ на чтение, изменение или удаление данных

suse-cvrf логотип

SUSE-SU-2022:3984-1

suse-cvrf
больше 2 лет назад

Security update for freerdp

EPSS

Процентиль: 35%
0.00138
Низкий

7.5 High

CVSS3