GitHub_MCVELIST:CVE-2022-39282CVE-2022-39282 RDP client: Read of uninitialized memory with parallel port redirection
3.5 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
7.7 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
61.8%
FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using /parallel command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do not use parallel port redirection (/parallel command line switch) as a workaround.
CNA Affected
[
{
"vendor": "FreeRDP",
"product": "FreeRDP",
"versions": [
{
"version": "<= 2.8.0",
"status": "affected"
}
]
}
]References
github.com/FreeRDP/FreeRDP/releases/tag/2.8.1
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c45q-wcpg-mxjq
lists.debian.org/debian-lts-announce/2023/11/msg00010.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEWWYMGWIMD4RDCOGHWMZXUMBGZHC5NW/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLZCF7YHNC5BECDPEJNAZUYGNNM7NFME/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/
security.gentoo.org/glsa/202210-24
Related
3.5 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
7.7 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
61.8%