Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redosRedosROS-20221121-02
HistoryNov 21, 2022 - 12:00 a.m.

ROS-20221121-02

2022-11-2100:00:00
redos.red-soft.ru
43
freerdp
remote desktop
vulnerability
exploitation
denial of service
data access
disk channel
zgfx decoder
input verification
memory boundaries

CVSS3

5.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

54.9%

JSON

A vulnerability in the FreeRDP remote desktop protocol implementation is related to the fact that there is no
range check for the input offset index in the ZGFX decoder. Exploitation of the vulnerability could allow
an attacker acting remotely to read the associated data and attempt to decode it

The vulnerability in the FreeRDP remote desktop protocol implementation is due to the fact that there is no
verification of input length in the urbdrc channel. Exploitation of the vulnerability could allow an attacker acting remotely to read the associated data and send it to a remote user.
remotely to read the associated data and send it back to the server

A vulnerability in the implementation of the FreeRDP remote desktop protocol is related to reading beyond the memory boundaries of the
ZGFX decoder components. Exploitation of the vulnerability could allow an attacker acting remotely,
read the associated data and attempt to decode it

A vulnerability in the FreeRDP remote desktop protocol implementation is related to division by zero.
Exploitation of the vulnerability could allow an attacker acting remotely to transfer special data and
cause a denial of service

A vulnerability in the implementation of the FreeRDP remote desktop protocol is related to the fact that an attempt to add
integers to too small types results in allocating too small a buffer to store the written
data. Exploitation of the vulnerability could allow an attacker acting remotely to read the associated
data and send it back to the server

A vulnerability in the FreeRDP remote desktop protocol implementation is related to the fact that there is no
There is no path hiding or base path validation for the “disk” channel. Exploitation of the vulnerability could
Allow an attacker acting remotely to read files outside of the shared directory

A vulnerability in the FreeRDP remote desktop protocol implementation is related to the fact that there is no
verification of input length in the “disk” channel. Exploitation of the vulnerability could allow an attacker acting remotely to read the associated data and send it outside the shared directory.
remotely, read the associated data and send it back to the server

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64freerdp< 2.9.0-1UNKNOWN

Related

altlinux 1
nessus 25
openvas 15
freebsd 1
fedora 2
mageia 2
slackware 1
redhat 2
amazon 1
osv 14
oraclelinux 2
almalinux 2
ubuntu 3
ubuntucve 7
debian 1
alpinelinux 7
redhatcve 7
veracode 7
debiancve 7
gentoo 1
prion 7
nvd 7
cve 7
cvelist 7
cnvd 3
altlinux
altlinux
Security fix for the ALT Linux 9 package freerdp version 2.9.0-alt1
2022-12-06 00:00:00
nessus
nessus
FreeBSD : freerdp -- multiple vulnerabilities (1f0421b1-8398-11ed-973d-002b67dfc673)
2022-12-24 00:00:00
Slackware Linux 15.0 / current freerdp Multiple Vulnerabilities (SSA:2022-321-01)
2022-11-18 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : freerdp (SUSE-SU-2023:0399-1)
2023-02-15 00:00:00
openvas
openvas
Fedora: Security Advisory for freerdp (FEDORA-2022-076b1c9978)
2022-12-16 00:00:00
FreeRDP < 2.9.0 Multiple Vulnerabilities
2022-11-30 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:0399-1)
2023-02-14 00:00:00
freebsd
freebsd
freerdp -- multiple vulnerabilities
2022-12-24 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: freerdp-2.9.0-1.fc37
2022-12-16 01:57:27
[SECURITY] Fedora 36 Update: freerdp-2.9.0-1.fc36
2022-12-16 01:43:13
mageia
mageia
Updated freerdp packages fix security vulnerability
2022-12-07 02:32:48
Updated freerdp packages fix security vulnerability
2022-12-17 21:48:08
slackware
slackware
[slackware-security] freerdp
2022-11-17 20:05:55
redhat
redhat
(RHSA-2023:2851) Moderate: freerdp security update
2023-05-16 05:56:17
(RHSA-2023:2326) Moderate: freerdp security update
2023-05-09 05:07:27
amazon
amazon
Important: freerdp
2023-01-31 19:55:00
osv
osv
Moderate: freerdp security update
2023-05-16 00:00:00
Moderate: freerdp security update
2023-05-09 00:00:00
freerdp2 vulnerabilities
2022-11-22 13:48:33
oraclelinux
oraclelinux
freerdp security update
2023-05-15 00:00:00
freerdp security update
2023-05-24 00:00:00
almalinux
almalinux
Moderate: freerdp security update
2023-05-09 00:00:00
Moderate: freerdp security update
2023-05-16 00:00:00
ubuntu
ubuntu
FreeRDP vulnerabilities
2022-11-22 00:00:00
FreeRDP vulnerabilities
2023-12-07 00:00:00
FreeRDP vulnerabilities
2023-11-29 00:00:00
ubuntucve
ubuntucve
CVE-2022-39317
2022-11-17 00:00:00
CVE-2022-41877
2022-11-16 00:00:00
CVE-2022-39316
2022-11-17 00:00:00
debian
debian
[SECURITY] [DLA 3654-1] freerdp2 security update
2023-11-17 17:35:06
alpinelinux
alpinelinux
CVE-2022-41877
2022-11-16 20:15:10
CVE-2022-39347
2022-11-16 20:15:10
CVE-2022-39316
2022-11-16 20:15:10
redhatcve
redhatcve
CVE-2022-41877
2022-11-17 13:57:02
CVE-2022-39316
2022-11-17 13:57:12
CVE-2022-39347
2022-11-17 13:56:50
veracode
veracode
Out Of Bound Reads
2022-11-23 06:51:55
Information Disclosure
2022-11-24 09:50:36
Denial Of Service (DoS)
2022-11-24 10:40:53
debiancve
debiancve
CVE-2022-39320
2022-11-16 20:15:10
CVE-2022-41877
2022-11-16 20:15:10
CVE-2022-39317
2022-11-16 21:15:10
gentoo
gentoo
FreeRDP: Multiple Vulnerabilities
2024-01-12 00:00:00
prion
prion
Design/Logic Flaw
2022-11-16 20:15:00
Design/Logic Flaw
2022-11-16 20:15:00
Design/Logic Flaw
2022-11-16 20:15:00
nvd
nvd
CVE-2022-39316
2022-11-16 20:15:10
CVE-2022-41877
2022-11-16 20:15:10
CVE-2022-39347
2022-11-16 20:15:10
cve
cve
CVE-2022-39316
2022-11-16 20:15:10
CVE-2022-41877
2022-11-16 20:15:10
CVE-2022-39347
2022-11-16 20:15:10
cvelist
cvelist
CVE-2022-41877 Missing input length validation in `drive` channel in FreeRDP
2022-11-16 00:00:00
CVE-2022-39347 Missing path sanitation with `drive` channel in FreeRDP
2022-11-16 00:00:00
CVE-2022-39316 Out of bound read in FreeRDP
2022-11-16 00:00:00
cnvd
cnvd
FreeRDP path traversal vulnerability
2022-11-18 00:00:00
FreeRDP Buffer Overflow Vulnerability (CNVD-2022-78858)
2022-11-18 00:00:00
FreeRDP Buffer Overflow Vulnerability (CNVD-2022-78857)
2022-11-18 00:00:00

CVSS3

5.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

54.9%

JSON
Related for ROS-20221121-02
altlinux1nessus25openvas15freebsd1fedora2mageia2slackware1redhat2amazon1osv14oraclelinux2almalinux2ubuntu3ubuntucve7debian1alpinelinux7redhatcve7veracode7debiancve7gentoo1prion7nvd7cve7cvelist7cnvd3