vulnerability
Oracle Linux: CVE-2022-39319: ELSA-2023-2851: freerdp security update (MODERATE) (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
4 | (AV:N/AC:H/Au:S/C:P/I:N/A:P) | Nov 16, 2022 | May 18, 2023 | Dec 1, 2024 |
Severity
4
CVSS
(AV:N/AC:H/Au:S/C:P/I:N/A:P)
Published
Nov 16, 2022
Added
May 18, 2023
Modified
Dec 1, 2024
Description
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in the `urbdrc` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.
An out-of-bound read vulnerability was discovered in FreeRDP due to improper input length validation in client/data_transfer.c in the urbdrc channel. A malicious server can trigger an out-of-bounds read by tricking a FreeRDP based client to read out-of-bound data and send it back to the server.
An out-of-bound read vulnerability was discovered in FreeRDP due to improper input length validation in client/data_transfer.c in the urbdrc channel. A malicious server can trigger an out-of-bounds read by tricking a FreeRDP based client to read out-of-bound data and send it back to the server.
Solution(s)
oracle-linux-upgrade-freerdporacle-linux-upgrade-freerdp-develoracle-linux-upgrade-freerdp-libsoracle-linux-upgrade-libwinproracle-linux-upgrade-libwinpr-devel

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.