CVSS: 5.7EPSS: 0%CPEs: 3EXPL: 0CVE-2022-39316 – Out of bound read in FreeRDP
https://notcve.org/view.php?id=CVE-2022-39316
FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash. This issue has been addressed in the 2.9.0 release. Users are advised to upgrade. • https://github.com/FreeRDP/FreeRDP/commit/e865c24efc40ebc52e75979c94cdd4ee2c1495b0 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5w4j-mrrh-jjrm https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B https://security.gentoo.org/glsa/202401-16 https://access.redhat • CWE-125: Out-of-bounds Read •
CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0CVE-2022-39317 – Out of bounds read in zgfx decoder in FreeRDP
https://notcve.org/view.php?id=CVE-2022-39317
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it. This issue has been addressed in version 2.9.0. There are no known workarounds for this issue. • https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-99cm-4gw7-c8jh https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B https://security.gentoo.org/glsa/202401-16 https://access.redhat.com/security/cve/CVE-2022-39317 https://bugzilla.redhat.com/show_bug.cgi?id=2143643 • CWE-125: Out-of-bounds Read •
CVSS: 5.7EPSS: 0%CPEs: 3EXPL: 0CVE-2022-39318 – Division by zero in urbdrc channel in FreeRDP
https://notcve.org/view.php?id=CVE-2022-39318
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input validation in `urbdrc` channel. A malicious server can trick a FreeRDP based client to crash with division by zero. This issue has been addressed in version 2.9.0. All users are advised to upgrade. • https://github.com/FreeRDP/FreeRDP/commit/80adde17ddc4b596ed1dae0922a0c54ab3d4b8ea https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-387j-8j96-7q35 https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B https://security.gentoo.org/glsa/202401-16 https://access.redhat • CWE-20: Improper Input Validation CWE-369: Divide By Zero •
CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0CVE-2022-39319 – Missing length validation in urbdrc channel in FreeRDP
https://notcve.org/view.php?id=CVE-2022-39319
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in the `urbdrc` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch. • https://github.com/FreeRDP/FreeRDP/commit/11555828d2cf289b350baba5ad1f462f10b80b76 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mvxm-wfj2-5fvh https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B https://security.gentoo.org/glsa/202401-16 https://access.redhat • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-39320 – Heap buffer overflow in urbdrc channel
https://notcve.org/view.php?id=CVE-2022-39320
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP may attempt integer addition on too narrow types leads to allocation of a buffer too small holding the data written. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch. • https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qfq2-82qr-7f4j https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B https://security.gentoo.org/glsa/202401-16 https://access.redhat.com/security/cve/CVE-2022-39320 https://bugzilla.redhat.com/show_bug.cgi?id=2143646 • CWE-125: Out-of-bounds Read •