CVE-2023-40187

2023-08-3122:15:08

Google

osv.dev

freerdp

remote desktop protocol

use-after-free

vulnerability fix

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.9%

JSON

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of the 3.x beta branch are subject to a Use-After-Free issue in the avc420_ensure_buffer and avc444_ensure_buffer functions. If the value of piDstSize[x] is 0, ppYUVDstData[x] will be freed. However, in this case ppYUVDstData[x] will not have been updated which leads to a Use-After-Free vulnerability. This issue has been addressed in version 3.0.0-beta3. Users of the 3.x beta releases are advised to upgrade. There are no known workarounds for this vulnerability.

CPENameOperatorVersion
freerdpeq1.1.0-beta1+android3
freerdpeq1.0.1
freerdpeq1.1.0-beta1
freerdpeq1.2.0-beta1+android7
freerdpeq1.1.0-beta1+android5
freerdpeq1.1.0-beta1+ios4
freerdpeq1.0-beta4
freerdpeq2.0.0-rc0
freerdpeq2.0.0-beta1+android10
freerdpeq1.0-beta2

Name	Operator	Version
freerdp	eq	1.1.0-beta1+android3
freerdp	eq	1.0.1
freerdp	eq	1.1.0-beta1
freerdp	eq	1.2.0-beta1+android7
freerdp	eq	1.1.0-beta1+android5
freerdp	eq	1.1.0-beta1+ios4
freerdp	eq	1.0-beta4
freerdp	eq	2.0.0-rc0
freerdp	eq	2.0.0-beta1+android10
freerdp	eq	1.0-beta2