Описание
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based based clients using /bpp:32 legacy GDI drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use modern drawing paths (e.g. /rfx or /gfx options). The workaround requires server side support.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/bionic | needs-triage | |
| esm-infra/focal | DNE | |
| esm-infra/xenial | needs-triage | |
| focal | DNE | |
| jammy | DNE | |
| mantic | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/noble | released | 2.11.5+dfsg1-1ubuntu0.1~esm1 |
| esm-infra/bionic | needs-triage | |
| esm-infra/focal | released | 2.6.1+dfsg1-0ubuntu0.20.04.1 |
| focal | released | 2.6.1+dfsg1-0ubuntu0.20.04.1 |
| jammy | released | 2.6.1+dfsg1-3ubuntu2.6 |
| mantic | released | 2.10.0+dfsg1-1.1ubuntu1.2 |
| noble | needed | |
| oracular | ignored | end of life, was needed |
| plucky | not-affected | 2.11.7+dfsg1-4 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 3.5.0+dfsg1-0ubuntu1 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| mantic | DNE | |
| noble | released | 3.5.0+dfsg1-0ubuntu1 |
| oracular | released | 3.5.0+dfsg1-0ubuntu1 |
| plucky | released | 3.5.0+dfsg1-0ubuntu1 |
| questing | released | 3.5.0+dfsg1-0ubuntu1 |
| upstream | released | 3.5.0 |
Показывать по
Ссылки на источники
EPSS
8.1 High
CVSS3
Связанные уязвимости
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based based clients using `/bpp:32` legacy `GDI` drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use modern drawing paths (e.g. `/rfx` or `/gfx` options). The workaround requires server side support.
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based based clients using `/bpp:32` legacy `GDI` drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use modern drawing paths (e.g. `/rfx` or `/gfx` options). The workaround requires server side support.
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...
Уязвимость функции interleaved_decompress() RDP-клиента FreeRDP, позволяющая нарушителю раскрыть защищаемую информацию
EPSS
8.1 High
CVSS3