Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2023-40181

Опубликовано: 31 авг. 2023
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 5.3

Описание

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the zgfx_decompress_segment function. In the context of CopyMemory, it's possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.

РелизСтатусПримечание
bionic

ignored

end of standard support
devel

released

2.10.0+dfsg1-1.1ubuntu1
esm-infra/bionic

released

2.2.0+dfsg1-0ubuntu0.18.04.4+esm1
esm-infra/focal

not-affected

2.2.0+dfsg1-0ubuntu0.20.04.5
focal

released

2.2.0+dfsg1-0ubuntu0.20.04.5
jammy

released

2.6.1+dfsg1-3ubuntu2.4
lunar

released

2.10.0+dfsg1-1ubuntu0.2
mantic

released

2.10.0+dfsg1-1.1ubuntu1
trusty

ignored

end of standard support
upstream

released

2.11.0

Показывать по

Ссылки на источники

EPSS

Процентиль: 23%
0.00074
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2023-40181

CVSS3: 7.5
redhat
почти 2 года назад

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.

nvd логотип

CVE-2023-40181

CVSS3: 5.3
nvd
почти 2 года назад

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.

debian логотип

CVE-2023-40181

CVSS3: 5.3
debian
почти 2 года назад

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...

fstec логотип

BDU:2023-05077

CVSS3: 6.5
fstec
около 2 лет назад

Уязвимость функции zgfx_decompress_segment() RDP-клиента FreeRDP, позволяющая нарушителю вызвать отказ в обслуживании

oracle-oval логотип

ELSA-2024-2208

oracle-oval
больше 1 года назад

ELSA-2024-2208: freerdp security update (MODERATE)

EPSS

Процентиль: 23%
0.00074
Низкий

5.3 Medium

CVSS3