CVSS: 5.7EPSS: 0%CPEs: 3EXPL: 0CVE-2022-39347 – Missing path sanitation with `drive` channel in FreeRDP
https://notcve.org/view.php?id=CVE-2022-39347
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for `drive` channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/drive`, `/drives` or `+home-drive` redirection switch. • https://github.com/FreeRDP/FreeRDP/commit/027424c2c6c0991cb9c22f9511478229c9b17e5d https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c5xq-8v35-pffg https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B https://security.gentoo.org/glsa/202401-16 https://access.redhat • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-39282 – RDP client: Read of uninitialized memory with parallel port redirection
https://notcve.org/view.php?id=CVE-2022-39282
FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel` command line switch) as a workaround. • https://github.com/FreeRDP/FreeRDP/releases/tag/2.8.1 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c45q-wcpg-mxjq https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEWWYMGWIMD4RDCOGHWMZXUMBGZHC5NW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLZCF7YHNC5BECDPEJNAZUYGNNM7NFME https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject. • CWE-908: Use of Uninitialized Resource •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-39283 – FreeRDP may read and display out of bounds data
https://notcve.org/view.php?id=CVE-2022-39283
FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch. • https://github.com/FreeRDP/FreeRDP/releases/tag/2.8.1 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6cf9-3328-qrvh https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEWWYMGWIMD4RDCOGHWMZXUMBGZHC5NW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLZCF7YHNC5BECDPEJNAZUYGNNM7NFME https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject. • CWE-125: Out-of-bounds Read CWE-908: Use of Uninitialized Resource •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 1CVE-2022-24882 – Server side NTLM does not properly check parameters in FreeRDP
https://notcve.org/view.php?id=CVE-2022-24882
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. • https://github.com/FreeRDP/FreeRDP/pull/7750 https://github.com/FreeRDP/FreeRDP/releases/tag/2.7.0 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6x5p-gp49-3jhh https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/95 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AELSWWBAM2YONRPGLWVDY6UNTLJERJYL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOYKBQOHSRM7JQYUIYUWFOXI2JZ2J5RD https://lists.fedoraproject. • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-24883 – FreeRDP Server authentication might allow invalid credentials to pass
https://notcve.org/view.php?id=CVE-2022-24883
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. • https://github.com/FreeRDP/FreeRDP/commit/4661492e5a617199457c8074bad22f766a116cdc https://github.com/FreeRDP/FreeRDP/commit/6f473b273a4b6f0cb6aca32b95e22fd0de88e144 https://github.com/FreeRDP/FreeRDP/releases/tag/2.7.0 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qxm3-v2r6-vmwf https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AELSWWBAM2YONRPGLWVDY6UNTLJERJYL https://lists.fedoraproject.org/archives/list/pa • CWE-287: Improper Authentication •