Lucene search

K

GoogleOSV:CVE-2022-39316

HistoryNov 16, 2022 - 8:15 p.m.

CVE-2022-39316

2022-11-1620:15:10

Google

osv.dev

8

freerdp

out of bound read

zgfx decoder

CVSS3

5.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

50.4%

FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash. This issue has been addressed in the 2.9.0 release. Users are advised to upgrade.

References

github.com/FreeRDP/FreeRDP/commit/e865c24efc40ebc52e75979c94cdd4ee2c1495b0

github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5w4j-mrrh-jjrm

lists.debian.org/debian-lts-announce/2023/11/msg00010.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/

security.gentoo.org/glsa/202401-16

CVSS3

5.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

50.4%

Related for OSV:CVE-2022-39316