CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-41159 – Improper client input validation for FreeRDP gateway connections allows to overwrite memory
https://notcve.org/view.php?id=CVE-2021-41159
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than /gt:rdp connections if possible or use a direct connection without a gateway. • https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vh34-m9h7-95xq https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWJXQOWKNR7O5HM2HFJOM4GBUFPTE3RG https://security.gentoo.org/glsa/202210-24 https://access.redhat.com/security/cve/CVE-2021-41159 https://bugzilla.redhat.com/show_bug.cgi?id=2016403 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-41160 – Improper region checks in FreeRDP allow out of bound write to memory
https://notcve.org/view.php?id=CVE-2021-41160
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1. • https://github.com/Jajangjaman/CVE-2021-41160 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7c9r-6r2q-93qg https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWJXQOWKNR7O5HM2HFJOM4GBUFPTE3RG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WIZUPVRGCWUDAPDOQVUGUIYUO7UWKMXX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-37594
https://notcve.org/view.php?id=CVE-2021-37594
In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_SIZE File Contents Request PDU. En FreeRDP versiones anteriores a 2.4.0 en Windows, la función wf_cliprdr_server_file_contents_request en el archivo client/Windows/wf_cliprdr.c presenta una falta de comprobaciones de entrada para un PDU de Petición de Contenido de Archivo FILECONTENTS_SIZE • https://github.com/FreeRDP/FreeRDP/commit/0d79670a28c0ab049af08613621aa0c267f977e9 https://github.com/FreeRDP/FreeRDP/compare/2.3.2...2.4.0 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-37595
https://notcve.org/view.php?id=CVE-2021-37595
In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_RANGE File Contents Request PDU. En FreeRDP versiones anteriores a 2.4.0 en Windows, la función wf_cliprdr_server_file_contents_request en el archivo client/Windows/wf_cliprdr.c presenta una falta de comprobaciones de entrada para un PDU de petición de contenido de archivo FILECONTENTS_RANGE • https://github.com/FreeRDP/FreeRDP/commit/0d79670a28c0ab049af08613621aa0c267f977e9 https://github.com/FreeRDP/FreeRDP/compare/2.3.2...2.4.0 • CWE-20: Improper Input Validation •
CVSS: 3.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-15103 – Integer Overflow in FreeRDP
https://notcve.org/view.php?id=CVE-2020-15103
In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`) This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto En FreeRDP versiones anteriores o igual a 2.1.2, se presenta un desbordamiento de enteros debido a una falta de saneamiento de entrada en el canal rdpegfx. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00010.html https://github.com/FreeRDP/FreeRDP/blob/616af2d5b86dc24c7b3e89870dbcffd841d9a535/ChangeLog#L4 https://github.com/FreeRDP/FreeRDP/pull/6382 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4r38-6hq7-j3j9 https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ https://lists.fedoraproject.org/archives/list&#x • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •