CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
13.0%
libfreerdp.so is vulnerable to Out-of-bounds write. The vulnerability is due to improper validation of runLengthFactor
which can lead to values that exceed the buffer limits, causing memory corruption. This could allow an attacker to potentially access sensitive information or cause a crash in the application.
github.com/FreeRDP/FreeRDP/commit/ecfafe4ad054435d84cb7b111ea73ebd46832fb6
github.com/FreeRDP/FreeRDP/pull/10077
github.com/FreeRDP/FreeRDP/releases/tag/2.11.6
github.com/FreeRDP/FreeRDP/releases/tag/3.5.0
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5h8-7j42-j4r9
lists.fedoraproject.org/archives/list/[email protected]/message/5JL476WVJSIE7SBUKVJRVA6A52V2HOLZ/
lists.fedoraproject.org/archives/list/[email protected]/message/7SIS6NUNLUBOV4CPCSWKDE6T6C2W3WTR/
lists.fedoraproject.org/archives/list/[email protected]/message/PX3U6YPZQ7PEJBVKSBUOLWVH7DHROHY5/
lists.fedoraproject.org/archives/list/[email protected]/message/ZKI4UISUXYNBPN4K6TIQKDRTIJ6CDCKJ/