Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-39318

Опубликовано: 16 нояб. 2022
Источник: redhat
CVSS3: 4.8
EPSS Низкий

Описание

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input validation in urbdrc channel. A malicious server can trick a FreeRDP based client to crash with division by zero. This issue has been addressed in version 2.9.0. All users are advised to upgrade. Users unable to upgrade should not use the /usb redirection switch.

A division-by-zero issue was found in FreeRDP's libusb_udevice.c in the urbdrc channel. This flaw exists due to missing input validation in the urbdrc channel. A malicious server can pass specially crafted data to the client, causing a crash and denial of service.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6freerdpOut of support scope
Red Hat Enterprise Linux 7freerdpOut of support scope
Red Hat Enterprise Linux 8freerdpFixedRHSA-2023:285116.05.2023
Red Hat Enterprise Linux 9freerdpFixedRHSA-2023:232609.05.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-20->CWE-369
https://bugzilla.redhat.com/show_bug.cgi?id=2143644freerdp: division by zero in urbdrc channel

EPSS

Процентиль: 40%
0.00175
Низкий

4.8 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-39318

CVSS3: 4.8
ubuntu
больше 2 лет назад

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input validation in `urbdrc` channel. A malicious server can trick a FreeRDP based client to crash with division by zero. This issue has been addressed in version 2.9.0. All users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.

nvd логотип

CVE-2022-39318

CVSS3: 4.8
nvd
больше 2 лет назад

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input validation in `urbdrc` channel. A malicious server can trick a FreeRDP based client to crash with division by zero. This issue has been addressed in version 2.9.0. All users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.

debian логотип

CVE-2022-39318

CVSS3: 4.8
debian
больше 2 лет назад

FreeRDP is a free remote desktop protocol library and clients. Affecte ...

fstec логотип

BDU:2022-06970

CVSS3: 7.5
fstec
больше 2 лет назад

Уязвимость канала перенаправления USB (urbdrc) реализации протокола удалённого рабочего стола FreeRDP, позволяющая нарушителю вызвать отказ в обслуживании

suse-cvrf логотип

SUSE-SU-2022:4293-1

suse-cvrf
больше 2 лет назад

Security update for freerdp

EPSS

Процентиль: 40%
0.00175
Низкий

4.8 Medium

CVSS3

Уязвимость CVE-2022-39318