Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2023-40186

Опубликовано: 31 авг. 2023
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 6.5

Описание

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the gdi_CreateSurface function. This issue affects FreeRDP based clients only. FreeRDP proxies are not affected as image decoding is not done by a proxy. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.

РелизСтатусПримечание
bionic

ignored

end of standard support
devel

released

2.10.0+dfsg1-1.1ubuntu1
esm-infra/bionic

released

2.2.0+dfsg1-0ubuntu0.18.04.4+esm1
esm-infra/focal

released

2.2.0+dfsg1-0ubuntu0.20.04.5
focal

released

2.2.0+dfsg1-0ubuntu0.20.04.5
jammy

released

2.6.1+dfsg1-3ubuntu2.4
lunar

released

2.10.0+dfsg1-1ubuntu0.2
mantic

released

2.10.0+dfsg1-1.1ubuntu1
trusty

ignored

end of standard support
upstream

released

2.11.0

Показывать по

Ссылки на источники

EPSS

Процентиль: 28%
0.00097
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2023-40186

CVSS3: 7.5
redhat
почти 2 года назад

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the `gdi_CreateSurface` function. This issue affects FreeRDP based clients only. FreeRDP proxies are not affected as image decoding is not done by a proxy. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.

nvd логотип

CVE-2023-40186

CVSS3: 6.5
nvd
почти 2 года назад

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the `gdi_CreateSurface` function. This issue affects FreeRDP based clients only. FreeRDP proxies are not affected as image decoding is not done by a proxy. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.

debian логотип

CVE-2023-40186

CVSS3: 6.5
debian
почти 2 года назад

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...

fstec логотип

BDU:2023-05071

CVSS3: 6.5
fstec
почти 2 года назад

Уязвимость функции gdi_CreateSurface() RDP-клиента FreeRDP, позволяющая нарушителю вызвать отказ в обслуживании

oracle-oval логотип

ELSA-2024-2208

oracle-oval
больше 1 года назад

ELSA-2024-2208: freerdp security update (MODERATE)

EPSS

Процентиль: 28%
0.00097
Низкий

6.5 Medium

CVSS3