Veracode Vulnerability DatabaseVERACODE:46617

HistoryApr 25, 2024 - 7:00 a.m.

Denial Of Service (DoS)

2024-04-2507:00:39

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

freerdp

vulnerability

denial of service

size allocation

software

crash

malicious server

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

10.3%

JSON

FreeRDP is vulnerable to Denial of Service (DoS). The vulnerability is due to allocating an size, which can cause the FreeRDP client to crash when connected to a malicious server.

References

github.com/FreeRDP/FreeRDP/commit/0381b3bef6e09b17576445186d26a07ec3772b1a

github.com/FreeRDP/FreeRDP/commit/5e5d27cf310e4c10b854be7667bfb7a5d774eb47

github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxv6-2cw6-m3mx

lists.fedoraproject.org/archives/list/[email protected]/message/5JL476WVJSIE7SBUKVJRVA6A52V2HOLZ/

lists.fedoraproject.org/archives/list/[email protected]/message/7SIS6NUNLUBOV4CPCSWKDE6T6C2W3WTR/

lists.fedoraproject.org/archives/list/[email protected]/message/PX3U6YPZQ7PEJBVKSBUOLWVH7DHROHY5/

lists.fedoraproject.org/archives/list/[email protected]/message/ZKI4UISUXYNBPN4K6TIQKDRTIJ6CDCKJ/

oss-fuzz.com/testcase-detail/5559242514825216

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

10.3%

JSON

Related for VERACODE:46617