CVE-2021-41160
Improper region checks in FreeRDP allow out of bound write to memory
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1.
FreeRDP es una implementación libre del Protocolo de Escritorio Remoto (RDP), publicada bajo la licencia Apache. En las versiones afectadas, un servidor malicioso podría desencadenar escrituras fuera de límites en un cliente conectado. Las conexiones que usan GDI o SurfaceCommands para enviar actualizaciones de gráficos al cliente podrían enviar rectángulos de anchura/altura "0" o fuera de límites para desencadenar escrituras fuera de límites. Con una anchura o altura de "0" la asignación de memoria será "0" pero las comprobaciones de límites faltantes permiten escribir en el puntero en esta región (no asignada). Este problema ha sido parcheado en FreeRDP versión 2.4.1
A flaw was found in the FreeRDP client where it fails to validate input data when using connections with GDI or SurfaceCommands. This flaw could allow a malicious server sending graphics updates to a client to cause an out of bounds write in client memory using a specially crafted input. The highest threat from this flaw is that it could allow arbitrary code to be executed on the target system.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-09-15 CVE Reserved
- 2021-10-21 CVE Published
- 2022-12-27 First Exploit
- 2024-07-06 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7c9r-6r2q-93qg | Third Party Advisory | |
| https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://github.com/Jajangjaman/CVE-2021-41160 | 2022-12-27 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Freerdp Search vendor "Freerdp" | Freerdp Search vendor "Freerdp" for product "Freerdp" | < 2.4.1 Search vendor "Freerdp" for product "Freerdp" and version " < 2.4.1" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 34 Search vendor "Fedoraproject" for product "Fedora" and version "34" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 35 Search vendor "Fedoraproject" for product "Fedora" and version "35" | - |
Affected
| ||||||