Page 5 of 103 results (0.007 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

21 Oct 2021 — FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than /gt:rdp connections if possible or use a direct connection without a gateway. • https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vh34-m9h7-95xq • CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1

21 Oct 2021 — FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) ... • https://github.com/Jajangjaman/CVE-2021-41160 • CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

27 Jul 2021 — In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_SIZE File Contents Request PDU. En FreeRDP versiones anteriores a 2.4.0 en Windows, la función wf_cliprdr_server_file_contents_request en el archivo client/Windows/wf_cliprdr.c presenta una falta de comprobaciones de entrada para un PDU de Petición de Contenido de Archivo FILECONTENTS_SIZE • https://github.com/FreeRDP/FreeRDP/commit/0d79670a28c0ab049af08613621aa0c267f977e9 • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

27 Jul 2021 — In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_RANGE File Contents Request PDU. En FreeRDP versiones anteriores a 2.4.0 en Windows, la función wf_cliprdr_server_file_contents_request en el archivo client/Windows/wf_cliprdr.c presenta una falta de comprobaciones de entrada para un PDU de petición de contenido de archivo FILECONTENTS_RANGE • https://github.com/FreeRDP/FreeRDP/commit/0d79670a28c0ab049af08613621aa0c267f977e9 • CWE-20: Improper Input Validation •

CVSS: 3.5EPSS: 0%CPEs: 7EXPL: 0

27 Jul 2020 — In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`) This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto En FreeRDP versiones ante... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00010.html • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0

22 Jun 2020 — In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2. En FreeRDP versiones anteriores a 2.1.2, se producen lecturas fuera de límite que resultan en el acceso a una ubicación de memoria que está fuera de límites de la matriz estática de PRIMARY_DRAWING_ORDER_FIELD_BYTES. Esto es corregido en la versión 2.1.2 FreeRDP is a free implementation ... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read •

CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0

22 Jun 2020 — In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. A manipulated license packet can lead to out of bound reads to an internal buffer. This is fixed in version 2.1.2. En FreeRDP versiones anteriores a 2.1.2, se presenta una lectura fuera de límites en license_read_new_or_upgrade_license_packet. Un paquete de licencia manipulado puede conllevar a lecturas fuera del limite en un búfer interno. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read •

CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0

22 Jun 2020 — In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2. En FreeRDP versiones anteriores a 2.1.2, se presenta una lectura fuera de límites en TrioParse. El registro puede omitir las comprobaciones de longitud de cadena debido a un desbordamiento de enteros. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

22 Jun 2020 — In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2. En FreeRDP versiones anteriores a 2.1.2, se presenta un uso de la memoria previamente liberada en gdi_SelectObject. Todos los clientes FreeRDP que usan el modo de compatibilidad con /relax-order-checks están afectados. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-416: Use After Free •

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0

22 Jun 2020 — In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2. En FreeRDP versiones anteriores a 2.1.2, se presenta una vulnerabilidad de conversión de enteros en update_recv_secondary_order. Todos los clientes con +glyph-cache /relax-order-checks están afectados. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-681: Incorrect Conversion between Numeric Types •