CVE-2023-40567

Опубликовано: 01 сент. 2023

Источник: redhat

CVSS3: 7.5

Описание

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the clear_decompress_bands_data function in which there is no offset validation. Abuse of this vulnerability may lead to an out of bounds write. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability.

A flaw was found in FreeRDP. Improper validation in the clear_decompress_bands_data function may allow for an out-of-bounds write, resulting in a crash.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	freerdp	Out of support scope
Red Hat Enterprise Linux 7	freerdp	Out of support scope
Red Hat Enterprise Linux 8	freerdp	Will not fix
Red Hat Enterprise Linux 9	freerdp	Fixed	RHSA-2024:2208	30.04.2024

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-787

https://bugzilla.redhat.com/show_bug.cgi?id=2236656freerdp: Out-of-bounds write in clear_decompress_bands_data

7.5 High

CVSS3

Связанные уязвимости

CVE-2023-40567

CVSS3: 6.5

ubuntu

почти 2 года назад

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse of this vulnerability may lead to an out of bounds write. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability.