Lucene search
Copyright (C) 2024 Greenbone AGOPENVAS:1361412562310833500HistoryMar 04, 2024 - 12:00 a.m.
openSUSE: Security Advisory for freerdp (SUSE-SU-2023:0399-1)
2024-03-0400:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
10
opensuse leap 15.4
freerdp
security advisory
vulnerability
package update
out of bound read
heap buffer overflow
missing input length validation
CVSS3
5.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
AI Score
5.7
Confidence
High
EPSS
0.002
Percentile
52.8%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.833500");
script_version("2024-05-16T05:05:35+0000");
script_cve_id("CVE-2022-39316", "CVE-2022-39317", "CVE-2022-39320", "CVE-2022-39347", "CVE-2022-41877");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:C/I:N/A:N");
script_tag(name:"last_modification", value:"2024-05-16 05:05:35 +0000 (Thu, 16 May 2024)");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2022-11-29 19:51:04 +0000 (Tue, 29 Nov 2022)");
script_tag(name:"creation_date", value:"2024-03-04 07:22:10 +0000 (Mon, 04 Mar 2024)");
script_name("openSUSE: Security Advisory for freerdp (SUSE-SU-2023:0399-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2024 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse", "ssh/login/rpms", re:"ssh/login/release=openSUSELeap15\.4");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2023:0399-1");
script_xref(name:"URL", value:"https://lists.opensuse.org/archives/list/[email protected]/thread/5HFHJPZG25SD7UUVOQXLGWNODU62X6MC");
script_tag(name:"summary", value:"The remote host is missing an update for the 'freerdp'
package(s) announced via the SUSE-SU-2023:0399-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for freerdp fixes the following issues:
- CVE-2022-39316: Fixed out of bound read in zgfx decoder (bsc#1205512).
- CVE-2022-39317: Fixed undefined behaviour in zgfx decoder (bsc#1205512).
- CVE-2022-39320: Fixed heap buffer overflow in urbdrc channel
(bsc#1205512).
- CVE-2022-39347: Fixed missing path sanitation with drive channel
(bsc#1205512).
- CVE-2022-41877: Fixed missing input length validation in drive channel
(bsc#1205512).");
script_tag(name:"affected", value:"'freerdp' package(s) on openSUSE Leap 15.4.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "openSUSELeap15.4") {
if(!isnull(res = isrpmvuln(pkg:"freerdp", rpm:"freerdp~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"freerdp-debuginfo", rpm:"freerdp-debuginfo~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"freerdp-debugsource", rpm:"freerdp-debugsource~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"freerdp-devel", rpm:"freerdp-devel~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"freerdp-proxy", rpm:"freerdp-proxy~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"freerdp-proxy-debuginfo", rpm:"freerdp-proxy-debuginfo~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"freerdp-server", rpm:"freerdp-server~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"freerdp-server-debuginfo", rpm:"freerdp-server-debuginfo~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"freerdp-wayland", rpm:"freerdp-wayland~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"freerdp-wayland-debuginfo", rpm:"freerdp-wayland-debuginfo~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreerdp2", rpm:"libfreerdp2~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreerdp2-debuginfo", rpm:"libfreerdp2-debuginfo~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libuwac0-0", rpm:"libuwac0-0~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libuwac0-0-debuginfo", rpm:"libuwac0-0-debuginfo~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwinpr2", rpm:"libwinpr2~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwinpr2-debuginfo", rpm:"libwinpr2-debuginfo~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"uwac0-0-devel", rpm:"uwac0-0-devel~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"winpr2-devel", rpm:"winpr2-devel~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"freerdp", rpm:"freerdp~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"freerdp-debuginfo", rpm:"freerdp-debuginfo~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"freerdp-debugsource", rpm:"freerdp-debugsource~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"freerdp-devel", rpm:"freerdp-devel~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"freerdp-proxy", rpm:"freerdp-proxy~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"freerdp-proxy-debuginfo", rpm:"freerdp-proxy-debuginfo~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"freerdp-server", rpm:"freerdp-server~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"freerdp-server-debuginfo", rpm:"freerdp-server-debuginfo~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"freerdp-wayland", rpm:"freerdp-wayland~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"freerdp-wayland-debuginfo", rpm:"freerdp-wayland-debuginfo~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreerdp2", rpm:"libfreerdp2~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreerdp2-debuginfo", rpm:"libfreerdp2-debuginfo~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libuwac0-0", rpm:"libuwac0-0~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libuwac0-0-debuginfo", rpm:"libuwac0-0-debuginfo~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwinpr2", rpm:"libwinpr2~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwinpr2-debuginfo", rpm:"libwinpr2-debuginfo~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"uwac0-0-devel", rpm:"uwac0-0-devel~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"winpr2-devel", rpm:"winpr2-devel~2.4.0~150400.3.18.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);Related
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:0399-1)
2023-02-14 00:00:00
Fedora: Security Advisory for freerdp (FEDORA-2022-076b1c9978)
2022-12-16 00:00:00
FreeRDP < 2.9.0 Multiple Vulnerabilities
2022-11-30 00:00:00
nessus
nessus
altlinux
altlinux
Security fix for the ALT Linux 9 package freerdp version 2.9.0-alt1
2022-12-06 00:00:00
freebsd
freebsd
freerdp -- multiple vulnerabilities
2022-12-24 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: freerdp-2.9.0-1.fc37
2022-12-16 01:57:27
[SECURITY] Fedora 36 Update: freerdp-2.9.0-1.fc36
2022-12-16 01:43:13
redos
redos
ROS-20221121-02
2022-11-21 00:00:00
slackware
slackware
[slackware-security] freerdp
2022-11-17 20:05:55
mageia
mageia
Updated freerdp packages fix security vulnerability
2022-12-07 02:32:48
Updated freerdp packages fix security vulnerability
2022-12-17 21:48:08
redhat
redhat
(RHSA-2023:2851) Moderate: freerdp security update
2023-05-16 05:56:17
(RHSA-2023:2326) Moderate: freerdp security update
2023-05-09 05:07:27
amazon
amazon
Important: freerdp
2023-01-31 19:55:00
osv
osv
Moderate: freerdp security update
2023-05-16 00:00:00
Moderate: freerdp security update
2023-05-09 00:00:00
freerdp-2.9.0-1.1 on GA media
2024-06-15 00:00:00
oraclelinux
oraclelinux
freerdp security update
2023-05-15 00:00:00
freerdp security update
2023-05-24 00:00:00
almalinux
almalinux
Moderate: freerdp security update
2023-05-09 00:00:00
Moderate: freerdp security update
2023-05-16 00:00:00
ubuntucve
ubuntucve
ubuntu
ubuntu
FreeRDP vulnerabilities
2022-11-22 00:00:00
FreeRDP vulnerabilities
2023-12-07 00:00:00
FreeRDP vulnerabilities
2023-11-29 00:00:00
alpinelinux
alpinelinux
redhatcve
redhatcve
veracode
veracode
Out Of Bound Reads
2022-11-23 06:51:55
Information Disclosure
2022-11-24 09:50:36
Denial Of Service (DoS)
2022-11-24 10:40:53
debiancve
debiancve
prion
prion
Design/Logic Flaw
2022-11-16 20:15:00
Design/Logic Flaw
2022-11-16 20:15:00
Design/Logic Flaw
2022-11-16 20:15:00
nvd
nvd
cve
cve
cvelist
cvelist
CVE-2022-41877 Missing input length validation in `drive` channel in FreeRDP
2022-11-16 00:00:00
CVE-2022-39347 Missing path sanitation with `drive` channel in FreeRDP
2022-11-16 00:00:00
CVE-2022-39316 Out of bound read in FreeRDP
2022-11-16 00:00:00
cnvd
cnvd
FreeRDP path traversal vulnerability
2022-11-18 00:00:00
FreeRDP Buffer Overflow Vulnerability (CNVD-2022-78858)
2022-11-18 00:00:00
FreeRDP Buffer Overflow Vulnerability (CNVD-2022-78857)
2022-11-18 00:00:00
debian
debian
[SECURITY] [DLA 3654-1] freerdp2 security update
2023-11-17 17:35:06
gentoo
gentoo
FreeRDP: Multiple Vulnerabilities
2024-01-12 00:00:00
CVSS3
5.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
AI Score
5.7
Confidence
High
EPSS
0.002
Percentile
52.8%
Related for OPENVAS:1361412562310833500