Lucene search

PRIOn knowledge basePRION:CVE-2022-39320

HistoryNov 16, 2022 - 8:15 p.m.

Design/Logic Flaw

2022-11-1620:15:00

PRIOn knowledge base

www.prio-n.com

freerdp

integer addition

design flaw

version 2.9.0

remote desktop protocol

malicious server

out of bound data

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.1%

JSON

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP may attempt integer addition on too narrow types leads to allocation of a buffer too small holding the data written. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the /usb redirection switch.

CPENameOperatorVersion
fedoraeq36
fedoraeq37
freerdplt2.9.0

Name	Operator	Version
fedora	eq	36
fedora	eq	37
freerdp	lt	2.9.0

References

github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qfq2-82qr-7f4j

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/

security.gentoo.org/glsa/202401-16