mageia / Gentoo Foundation / MGASA-2022-0474
History: Dec 17, 2022 - 9:48 p.m.

Updated freerdp packages fix security vulnerability

2022-12-17 21:48:08
Gentoo Foundation
advisories.mageia.org
freerdp
packages
security vulnerability
input length validation
malicious server
cve-2022-41877
unix

CVSS3: 4.6 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L

EPSS: 0.002 Low
Percentile: 52.7%

Affected versions of FreeRDP are missing input length validation in the 'drive' channel. A malicious server can trick a FreeRDP-based client into reading out-of-bounds data and sending it back to the server. (CVE-2022-41877)

OS      Version  Architecture  Package  Version      Filename
Mageia  8        noarch        freerdp  < 2.2.0-1.5  freerdp-2.2.0-1.5.mga8
