CVE-2023-39354 – FreeRDP Out-Of-Bounds Read in nsc_rle_decompress_data
https://notcve.org/view.php?id=CVE-2023-39354
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context->Planes` without checking if it contains data of sufficient length. Should an attacker be able to leverage this vulnerability they may be able to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. • https://github.com/FreeRDP/FreeRDP/commit/cd1da25a87358eb3b5512fd259310e95b19a05ec https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c3r2-pxxp-f8r6 https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr • CWE-125: Out-of-bounds Read •
CVE-2023-39350 – Incorrect offset calculation leading to denial of service in FreeRDP
https://notcve.org/view.php?id=CVE-2023-39350
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. • https://github.com/FreeRDP/FreeRDP/commit/e204fc8be5a372626b13f66daf2abafe71dbc2dc https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rrrv-3w42-pffh https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVE-2023-40589 – FreeRDP Global-Buffer-Overflow in ncrush_decompress
https://notcve.org/view.php?id=CVE-2023-40589
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. • https://github.com/FreeRDP/FreeRDP/commit/16141a30f983dd6f7a6e5b0356084171942c9416 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gc34-mw6m-g42x https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •