Описание
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use /gfx options (e.g. deactivate with /bpp:32 or /rfx as it is on by default).
A flaw was found in FreeRDP-based clients. Affected versions of FreeRDP are vulnerable to an integer overflow and out-of-bounds write. This issue occurs when the sum of the runLengthFactor and pixelIndex values become large enough to overflow the uint32 type and bypass an error check when clearing residual data.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | freerdp | Out of support scope | ||
| Red Hat Enterprise Linux 7 | freerdp | Out of support scope | ||
| Red Hat Enterprise Linux 8 | freerdp | Will not fix | ||
| Red Hat Enterprise Linux 9 | freerdp | Fixed | RHSA-2024:9092 | 12.11.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default).
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default).
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...
Уязвимость RDP-клиента FreeRDP, связанная с целочисленным переполнением, позволяющая нарушителю выполнить произвольный код
EPSS
7.5 High
CVSS3