CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-41159 – Improper client input validation for FreeRDP gateway connections allows to overwrite memory
https://notcve.org/view.php?id=CVE-2021-41159
21 Oct 2021 — FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than /gt:rdp connections if possible or use a direct connection without a gateway. • https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vh34-m9h7-95xq • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-41160 – Improper region checks in FreeRDP allow out of bound write to memory
https://notcve.org/view.php?id=CVE-2021-41160
21 Oct 2021 — FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) ... • https://github.com/Jajangjaman/CVE-2021-41160 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-37594
https://notcve.org/view.php?id=CVE-2021-37594
27 Jul 2021 — In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_SIZE File Contents Request PDU. En FreeRDP versiones anteriores a 2.4.0 en Windows, la función wf_cliprdr_server_file_contents_request en el archivo client/Windows/wf_cliprdr.c presenta una falta de comprobaciones de entrada para un PDU de Petición de Contenido de Archivo FILECONTENTS_SIZE • https://github.com/FreeRDP/FreeRDP/commit/0d79670a28c0ab049af08613621aa0c267f977e9 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-37595
https://notcve.org/view.php?id=CVE-2021-37595
27 Jul 2021 — In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_RANGE File Contents Request PDU. En FreeRDP versiones anteriores a 2.4.0 en Windows, la función wf_cliprdr_server_file_contents_request en el archivo client/Windows/wf_cliprdr.c presenta una falta de comprobaciones de entrada para un PDU de petición de contenido de archivo FILECONTENTS_RANGE • https://github.com/FreeRDP/FreeRDP/commit/0d79670a28c0ab049af08613621aa0c267f977e9 • CWE-20: Improper Input Validation •
CVSS: 3.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-15103 – Integer Overflow in FreeRDP
https://notcve.org/view.php?id=CVE-2020-15103
27 Jul 2020 — In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`) This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto En FreeRDP versiones ante... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00010.html • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-11095 – Global OOB read in update_recv_primary_order in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11095
22 Jun 2020 — In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2. En FreeRDP versiones anteriores a 2.1.2, se producen lecturas fuera de límite que resultan en el acceso a una ubicación de memoria que está fuera de límites de la matriz estática de PRIMARY_DRAWING_ORDER_FIELD_BYTES. Esto es corregido en la versión 2.1.2 FreeRDP is a free implementation ... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-11096 – Global OOB read in update_read_cache_bitmap_v3_order in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11096
22 Jun 2020 — In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. As a workaround, one can disable bitmap cache with -bitmap-cache (default). This is fixed in version 2.1.2. En FreeRDP versiones anteriores a 2.1.2, se presenta una lectura OOB global en update_read_cache_bitmap_v3_order. Como solución alternativa, se puede deshabilitar la memoria caché de mapa de bits con -bitmap-cache (predeterminado). • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-11097 – OOB read in ntlm_av_pair_get in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11097
22 Jun 2020 — In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2. En FreeRDP versiones anteriores a 2.1.2, se produce una lectura fuera de límites resultando en el acceso a una ubicación de memoria que está fuera de límites de la matriz estática PRIMARY_DRAWING_ORDER_FIELD_BYTES. Esto es corregido en la versión 2.1.2 FreeRDP is a free implementation of... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-11098 – Out-of-bound read in glyph_cache_put in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11098
22 Jun 2020 — In FreeRDP before version 2.1.2, there is an out-of-bound read in glyph_cache_put. This affects all FreeRDP clients with `+glyph-cache` option enabled This is fixed in version 2.1.2. En FreeRDP versiones anteriores a 2.1.2, se presenta una lectura fuera de límite en glyph_cache_put. Esto afecta a todos los clientes de FreeRDP con la opción "+glyph-cache" habilitada. Esto es corregido en la versión 2.1.2 FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-11099 – OOB Read in license_read_new_or_upgrade_license_packet in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11099
22 Jun 2020 — In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. A manipulated license packet can lead to out of bound reads to an internal buffer. This is fixed in version 2.1.2. En FreeRDP versiones anteriores a 2.1.2, se presenta una lectura fuera de límites en license_read_new_or_upgrade_license_packet. Un paquete de licencia manipulado puede conllevar a lecturas fuera del limite en un búfer interno. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html • CWE-125: Out-of-bounds Read •