CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS
Percentile: 52.0%
libfreerdp.so is vulnerable to Denial of Service (DoS). The vulnerability is due to a defect in the nsc_rle_decode and nsc_rle_decompress_data functions in the libfreerdp/codec/nsc.c file. This can lead to an application crash, resulting in Denial of Service (DoS).
github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/nsc.c#L115-L175
github.com/FreeRDP/FreeRDP/commit/63a2f65618748c12f79ff7450d46c6e194f2db76
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9w28-wwj5-p4xq
lists.debian.org/debian-lts-announce/2023/10/msg00008.html
lists.fedoraproject.org/archives/list/[email protected]/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/
lists.fedoraproject.org/archives/list/[email protected]/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/
lists.fedoraproject.org/archives/list/[email protected]/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/
security.gentoo.org/glsa/202401-16