Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-39283

Опубликовано: 13 окт. 2022
Источник: redhat
CVSS3: 7.5

Описание

FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the /video command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the /video switch.

A vulnerability was found in FreeRDP where all clients using the /video command line switch might read uninitialized data, decode it as audio/video and display the result, leading to information disclosure.

Отчет

FreeRDP based server implementations are not affected.

Меры по смягчению последствий

Workaround: Do not use the /video switch

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6freerdpOut of support scope
Red Hat Enterprise Linux 7freerdpOut of support scope
Red Hat Enterprise Linux 8freerdpFixedRHSA-2023:285116.05.2023
Red Hat Enterprise Linux 9freerdpFixedRHSA-2023:232609.05.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=2134717freerdp: clients using the `/video` command line switch might read uninitialized data

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-39283

CVSS3: 5.9
ubuntu
больше 2 лет назад

FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch.

nvd логотип

CVE-2022-39283

CVSS3: 5.9
nvd
больше 2 лет назад

FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch.

debian логотип

CVE-2022-39283

CVSS3: 5.9
debian
больше 2 лет назад

FreeRDP is a free remote desktop protocol library and clients. All Fre ...

fstec логотип

BDU:2022-06362

CVSS3: 5.9
fstec
больше 2 лет назад

Уязвимость RDP-клиента FreeRDP, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю получить доступ на чтение, изменение или удаление аудио/видео данных

suse-cvrf логотип

SUSE-SU-2022:3984-1

suse-cvrf
больше 2 лет назад

Security update for freerdp

7.5 High

CVSS3