Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2023-40589

Опубликовано: 31 авг. 2023
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 4.3

Описание

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.

РелизСтатусПримечание
bionic

ignored

end of standard support
devel

released

2.10.0+dfsg1-1.1ubuntu1
esm-infra/bionic

released

2.2.0+dfsg1-0ubuntu0.18.04.4+esm1
esm-infra/focal

released

2.2.0+dfsg1-0ubuntu0.20.04.5
focal

released

2.2.0+dfsg1-0ubuntu0.20.04.5
jammy

released

2.6.1+dfsg1-3ubuntu2.4
lunar

released

2.10.0+dfsg1-1ubuntu0.2
mantic

released

2.10.0+dfsg1-1.1ubuntu1
trusty

ignored

end of standard support
upstream

released

2.11.0

Показывать по

Ссылки на источники

EPSS

Процентиль: 35%
0.00145
Низкий

4.3 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2023-40589

CVSS3: 7.5
redhat
около 2 лет назад

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.

nvd логотип

CVE-2023-40589

CVSS3: 4.3
nvd
около 2 лет назад

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.

debian логотип

CVE-2023-40589

CVSS3: 4.3
debian
около 2 лет назад

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...

fstec логотип

BDU:2023-05065

CVSS3: 4.3
fstec
около 2 лет назад

Уязвимость функции ncrush_decompress() RDP-клиента FreeRDP, позволяющая нарушителю вызвать отказ в обслуживании

oracle-oval логотип

ELSA-2024-2208

oracle-oval
больше 1 года назад

ELSA-2024-2208: freerdp security update (MODERATE)

EPSS

Процентиль: 35%
0.00145
Низкий

4.3 Medium

CVSS3

Уязвимость CVE-2023-40589