Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-39350

Опубликовано: 31 авг. 2023
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to WINPR_ASSERT with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

A flaw was found in FreeRDP. When an insufficient blockLen value is provided and proper length validation is not performed, an Integer Underflow can occur, leading to a Denial of Service (DOS).

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6freerdpOut of support scope
Red Hat Enterprise Linux 7freerdpOut of support scope
Red Hat Enterprise Linux 8freerdpWill not fix
Red Hat Enterprise Linux 9freerdpFixedRHSA-2024:220830.04.2024

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-191
https://bugzilla.redhat.com/show_bug.cgi?id=2236784freerdp: Incorrect offset calculation leading to DOS

EPSS

Процентиль: 53%
0.00308
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-39350

CVSS3: 5.9
ubuntu
почти 2 года назад

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

nvd логотип

CVE-2023-39350

CVSS3: 5.9
nvd
почти 2 года назад

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

debian логотип

CVE-2023-39350

CVSS3: 5.9
debian
почти 2 года назад

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...

fstec логотип

BDU:2023-05079

CVSS3: 5.9
fstec
почти 2 года назад

Уязвимость RDP-клиента FreeRDP, связанная с целочисленным переполнением, позволяющая нарушителю вызвать отказ в обслуживании

oracle-oval логотип

ELSA-2024-2208

oracle-oval
больше 1 года назад

ELSA-2024-2208: freerdp security update (MODERATE)

EPSS

Процентиль: 53%
0.00308
Низкий

7.5 High

CVSS3