Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog
Консоль
Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog

exploitDog

redhat Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2023-39350

ΠžΠΏΡƒΠ±Π»ΠΈΠΊΠΎΠ²Π°Π½ΠΎ: 31 Π°Π²Π³. 2023
Π˜ΡΡ‚ΠΎΡ‡Π½ΠΈΠΊ: redhat
CVSS3: 7.5
EPSS Низкий

ОписаниС

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to WINPR_ASSERT with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

A flaw was found in FreeRDP. When an insufficient blockLen value is provided and proper length validation is not performed, an Integer Underflow can occur, leading to a Denial of Service (DOS).

Π—Π°Ρ‚Ρ€ΠΎΠ½ΡƒΡ‚Ρ‹Π΅ ΠΏΠ°ΠΊΠ΅Ρ‚Ρ‹

ΠŸΠ»Π°Ρ‚Ρ„ΠΎΡ€ΠΌΠ°ΠŸΠ°ΠΊΠ΅Ρ‚Π‘ΠΎΡΡ‚ΠΎΡΠ½ΠΈΠ΅Π Π΅ΠΊΠΎΠΌΠ΅Π½Π΄Π°Ρ†ΠΈΡΠ Π΅Π»ΠΈΠ·
Red Hat Enterprise Linux 6freerdpOut of support scope
Red Hat Enterprise Linux 7freerdpOut of support scope
Red Hat Enterprise Linux 8freerdpWill not fix
Red Hat Enterprise Linux 9freerdpFixedRHSA-2024:220830.04.2024

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Бсылки Π½Π° источники

Π”ΠΎΠΏΠΎΠ»Π½ΠΈΡ‚Π΅Π»ΡŒΠ½Π°Ρ информация

Бтатус:

Moderate
Π”Π΅Ρ„Π΅ΠΊΡ‚:
CWE-191
https://bugzilla.redhat.com/show_bug.cgi?id=2236784freerdp: Incorrect offset calculation leading to DOS

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 55%
0.00327
Низкий

7.5 High

CVSS3

БвязанныС уязвимости

ubuntu Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2023-39350

CVSS3: 5.9
ubuntu
ΠΎΠΊΠΎΠ»ΠΎ 2 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

nvd Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2023-39350

CVSS3: 5.9
nvd
ΠΎΠΊΠΎΠ»ΠΎ 2 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

debian Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2023-39350

CVSS3: 5.9
debian
ΠΎΠΊΠΎΠ»ΠΎ 2 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...

fstec Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

BDU:2023-05079

CVSS3: 5.9
fstec
ΠΎΠΊΠΎΠ»ΠΎ 2 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ RDP-ΠΊΠ»ΠΈΠ΅Π½Ρ‚Π° FreeRDP, связанная с цСлочислСнным ΠΏΠ΅Ρ€Π΅ΠΏΠΎΠ»Π½Π΅Π½ΠΈΠ΅ΠΌ, ΠΏΠΎΠ·Π²ΠΎΠ»ΡΡŽΡ‰Π°Ρ Π½Π°Ρ€ΡƒΡˆΠΈΡ‚Π΅Π»ΡŽ Π²Ρ‹Π·Π²Π°Ρ‚ΡŒ ΠΎΡ‚ΠΊΠ°Π· Π² обслуТивании

oracle-oval Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

ELSA-2024-2208

oracle-oval
большС 1 года назад

ELSA-2024-2208: freerdp security update (MODERATE)

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 55%
0.00327
Низкий

7.5 High

CVSS3

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ CVE-2023-39350