CVE-2022-39283
FreeRDP may read and display out of bounds data
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch.
FreeRDP es una librería de protocolo de escritorio remoto libre y clientes. Todos los clientes basados en FreeRDP cuando usan el switch de línea de comandos "/video" pueden leer datos no inicializados, decodificarlos como audio/vídeo y mostrar el resultado. Las implementaciones de servidores basados en FreeRDP no están afectadas. Este problema ha sido parcheado en versión 2.8.1. Si no puede actualizar, no use el switch "/video"
A vulnerability was found in FreeRDP where all clients using the /video command line switch might read uninitialized data, decode it as audio/video and display the result, leading to information disclosure.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-09-02 CVE Reserved
- 2022-10-12 CVE Published
- 2024-05-04 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
- CWE-908: Use of Uninitialized Resource
CAPEC
References (9)
URL | Tag | Source |
---|---|---|
https://github.com/FreeRDP/FreeRDP/releases/tag/2.8.1 | Release Notes | |
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6cf9-3328-qrvh | Third Party Advisory | |
https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html | Mailing List |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Freerdp Search vendor "Freerdp" | Freerdp Search vendor "Freerdp" for product "Freerdp" | < 2.8.1 Search vendor "Freerdp" for product "Freerdp" and version " < 2.8.1" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 35 Search vendor "Fedoraproject" for product "Fedora" and version "35" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 36 Search vendor "Fedoraproject" for product "Fedora" and version "36" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 37 Search vendor "Fedoraproject" for product "Fedora" and version "37" | - |
Affected
|