CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
EPSS
Percentile: 54.9%
A vulnerability in the FreeRDP remote desktop protocol implementation is caused by a missing range check on the input offset index in the ZGFX decoder. Exploitation of the vulnerability could allow a remote attacker to read the associated data and attempt to decode it.
A vulnerability in the FreeRDP remote desktop protocol implementation is caused by missing verification of input length in the urbdrc channel. Exploitation of the vulnerability could allow a remote attacker to read the associated data and send it back to the server.
A vulnerability in the FreeRDP remote desktop protocol implementation is caused by a read beyond the memory boundaries of the ZGFX decoder components. Exploitation of the vulnerability could allow a remote attacker to read the associated data and attempt to decode it.
A vulnerability in the FreeRDP remote desktop protocol implementation is caused by a division by zero. Exploitation of the vulnerability could allow a remote attacker to send special data and cause a denial of service.
A vulnerability in the FreeRDP remote desktop protocol implementation is caused by integer addition in types that are too small, which results in allocating a buffer too small to store the written data. Exploitation of the vulnerability could allow a remote attacker to read the associated data and send it back to the server.
A vulnerability in the FreeRDP remote desktop protocol implementation is caused by missing path hiding or base path validation for the “disk” channel. Exploitation of the vulnerability could allow a remote attacker to read files outside of the shared directory.
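The base path validation that the “disk” channel entry above describes as missing can be illustrated with the following added example, which is not FreeRDP's code and not part of the original page. The function names, the share root `/srv/share` and the sample paths are assumptions; the check is lexical only and does not resolve symbolic links.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if `requested` (relative to the share root, '/' or '\\' as
 * separators) stays inside the share once "." and ".." are resolved,
 * 0 if it would climb above the root. Hypothetical helper. */
int path_stays_in_share(const char *requested)
{
    long depth = 0;
    const char *p = requested;

    if (requested == NULL || strchr(requested, ':') != NULL)
        return 0;                      /* no drive-letter style prefixes */
    while (*p != '\0') {
        size_t len;
        while (*p == '/' || *p == '\\')
            p++;                       /* skip separators */
        len = strcspn(p, "/\\");       /* length of the next component */
        if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (--depth < 0)
                return 0;              /* ".." would leave the share root */
        } else if (len > 0 && !(len == 1 && p[0] == '.')) {
            depth++;                   /* ordinary component descends one level */
        }
        p += len;
    }
    return 1;
}

/* Joins base and requested into out only after the check passes.
 * Returns 0 on success, -1 on an escaping path or a truncated result. */
int build_share_path(const char *base, const char *requested,
                     char *out, size_t outlen)
{
    int n;
    if (!path_stays_in_share(requested))
        return -1;
    n = snprintf(out, outlen, "%s/%s", base, requested);
    if (n < 0 || (size_t)n >= outlen)
        return -1;                     /* reject instead of truncating */
    for (char *c = out + strlen(base); *c != '\0'; c++)
        if (*c == '\\')
            *c = '/';                  /* normalise separators */
    return 0;
}

int main(void)
{
    char buf[256];                     /* sample paths below are constructed */
    const char *samples[] = { "docs\\report.txt", "docs\\..\\..\\etc\\passwd" };
    for (size_t i = 0; i < 2; i++)
        printf("%s -> %d\n", samples[i],
               build_share_path("/srv/share", samples[i], buf, sizeof buf));
    return 0;
}
```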
A vulnerability in the FreeRDP remote desktop protocol implementation is caused by missing verification of input length in the “disk” channel. Exploitation of the vulnerability could allow a remote attacker to read the associated data and send it back to the server.