Lucene search

K

Veracode Vulnerability DatabaseVERACODE:38236

HistoryNov 24, 2022 - 10:40 a.m.

Out Of Bound Reads

2022-11-2410:40:50

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

14

freerdp vulnerability

out-of-bound reads

zgfx decoder

range check

attacker

server

EPSS

0.001

Percentile

48.9%

freerdp is vulnerable to out-of-bound reads. The vulnerability exists due to missing a range check for input offset index in ZGFX decoder which allows an attacker read out of bound data and send it back to the server.

References

github.com/FreeRDP/FreeRDP/security/advisories/GHSA-99cm-4gw7-c8jh

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/

lists.fedoraproject.org/archives/list/[email protected]/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/

lists.fedoraproject.org/archives/list/[email protected]/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/

secdb.alpinelinux.org/edge/community.yaml

secdb.alpinelinux.org/v3.17/community.yaml

EPSS

0.001

Percentile

48.9%

Related for VERACODE:38236

debiancve1 alpinelinux1 cve1 nvd1 prion1 osv4 redhatcve1 cvelist1 ubuntucve1 openvas9 nessus19 mageia1 altlinux1 freebsd1 fedora2 redos1 slackware1 ubuntu1 redhat2 amazon1 oraclelinux2 almalinux2 gentoo1