Lucene search

K

[email protected]NVD:CVE-2022-39320

HistoryNov 16, 2022 - 8:15 p.m.

CVE-2022-39320

2022-11-1620:15:10

CWE-125

[email protected]

web.nvd.nist.gov

2

freerdp

remote desktop

integer addition

vulnerability

upgrade

4.6 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L

0.001 Low

EPSS

Percentile

49.1%

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP may attempt integer addition on too narrow types leads to allocation of a buffer too small holding the data written. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the /usb redirection switch.

Affected configurations

NVD

Node

freerdpfreerdpRange<2.9.0

Node

fedoraprojectfedoraMatch36

OR

fedoraprojectfedoraMatch37

References

github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qfq2-82qr-7f4j

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/

security.gentoo.org/glsa/202401-16

4.6 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L

0.001 Low

EPSS

Percentile

49.1%

Related for NVD:CVE-2022-39320

debiancve1 cvelist1 alpinelinux1 cve1 redhatcve1 prion1 veracode1 cnvd1 osv4 ubuntucve1 nessus18 openvas8 mageia1 slackware1 redos1 altlinux1 freebsd1 fedora2 ubuntu1 oraclelinux2 almalinux2 redhat2 amazon1 gentoo1