Lucene search

K

GoogleOSV:CVE-2022-24882

HistoryApr 26, 2022 - 4:15 p.m.

CVE-2022-24882

2022-04-2616:15:47

Google

osv.dev

8

freerdp

remote desktop protocol

ntlm

authentication

vulnerability

patched

AI Score

7

Confidence

High

EPSS

0.004

Percentile

73.8%

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.

References

github.com/FreeRDP/FreeRDP/pull/7750

github.com/FreeRDP/FreeRDP/releases/tag/2.7.0

github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6x5p-gp49-3jhh

gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/95

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AELSWWBAM2YONRPGLWVDY6UNTLJERJYL/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOYKBQOHSRM7JQYUIYUWFOXI2JZ2J5RD/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZWR6KSIKXO4B2TXBB3WH6YTNYHN46OY/

security.gentoo.org/glsa/202210-24

AI Score

7

Confidence

High

EPSS

0.004

Percentile

73.8%

Related for OSV:CVE-2022-24882

redhatcve1 nvd1 cvelist1 debiancve1 prion1 ubuntucve1 alpinelinux1 cve1 openvas9 ubuntu1 mageia1 fedora3 suse2 nessus5 osv1 altlinux2 gentoo1