Lucene search

K

[email protected]NVD:CVE-2022-39317

HistoryNov 16, 2022 - 9:15 p.m.

CVE-2022-39317

2022-11-1621:15:10

CWE-125

[email protected]

web.nvd.nist.gov

2

freerdp

remote desktop

security issue

version 2.9.0

zgfx decoder

out of bound data

4.6 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L

0.001 Low

EPSS

Percentile

49.1%

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it. This issue has been addressed in version 2.9.0. There are no known workarounds for this issue.

Affected configurations

NVD

Node

freerdpfreerdpRange<2.9.0

Node

fedoraprojectfedoraMatch36

OR

fedoraprojectfedoraMatch37

References

github.com/FreeRDP/FreeRDP/security/advisories/GHSA-99cm-4gw7-c8jh

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/

security.gentoo.org/glsa/202401-16

4.6 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L

0.001 Low

EPSS

Percentile

49.1%

Related for NVD:CVE-2022-39317

redhatcve1 osv4 prion1 cvelist1 debiancve1 cve1 veracode1 alpinelinux1 ubuntucve1 nessus19 openvas9 mageia1 slackware1 redos1 freebsd1 fedora2 altlinux1 ubuntu1 oraclelinux2 almalinux2 redhat2 amazon1 gentoo1