Headline
CVE-2021-41159: Improper client input validation for gateway connections allows to overwrite memory
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (/gt:rpc) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use /gt:http rather than /gt:rpc connections if possible or use a direct connection without a gateway.
Impact
All FreeRDP clients using gateway connections (/gt:rpc)
Input data is not properly checked; a malicious gateway might allow client memory to be written out of bounds.
Patches
2.4.1
Workarounds
- Use /gt:http connection if possible
- Use a direct connection without gateway
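To find client invocations that still need the update or the first workaround, the following added example (not part of the advisory or of FreeRDP) classifies a launcher command line against the client's version banner and rewrites /gt:rpc to /gt:http. The banner format, host names and result labels are assumptions made for the example.

```python
import re

FIXED = (2, 4, 1)  # first patched release named in the advisory
GT_ARG = re.compile(r"(?<!\S)/gt:(\S+)", re.IGNORECASE)

def parse_version(banner):
    """Pull (major, minor, patch) out of a version banner string."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if m is None:
        raise ValueError(f"no x.y.z version in {banner!r}")
    return tuple(int(part) for part in m.groups())

def uses_rpc_gateway(cmdline):
    """True if any /gt: argument on the command line selects rpc."""
    return any(v.lower() == "rpc" for v in GT_ARG.findall(cmdline))

def audit(banner, cmdline):
    """Classify one client invocation: result labels are this example's own."""
    if not uses_rpc_gateway(cmdline):
        return "not-rpc-gateway"
    if parse_version(banner) >= FIXED:
        return "patched"
    return "affected"

def apply_workaround(cmdline):
    """Rewrite /gt:rpc to /gt:http, leaving every other argument untouched."""
    def swap(m):
        return "/gt:http" if m.group(1).lower() == "rpc" else m.group(0)
    return GT_ARG.sub(swap, cmdline)

# Constructed sample data: banners and launcher lines are illustrative only.
SAMPLES = [
    ("This is FreeRDP version 2.4.0 (2.4.0)",
     "xfreerdp /v:host.example /g:gw.example /gt:rpc"),
    ("This is FreeRDP version 2.4.1 (2.4.1)",
     "xfreerdp /v:host.example /g:gw.example /gt:rpc"),
    ("This is FreeRDP version 2.3.0 (2.3.0)",
     "xfreerdp /v:host.example /g:gw.example /gt:http"),
]

if __name__ == "__main__":
    for banner, cmd in SAMPLES:
        verdict = audit(banner, cmd)
        print(f"{verdict:16} {cmd}")
        if verdict == "affected":
            print(f"{'  workaround:':16} {apply_workaround(cmd)}")
```

Whether the gateway in question accepts HTTP transport has to be confirmed separately, which is why the advisory qualifies the workaround with "if possible".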
Reported by Sunglin from the Knownsec 404 team & 0103 sec team
For more information
If you have any questions or comments about this advisory:
- Open an issue in https://github.com/FreeRDP/FreeRDP
- Email us at [email protected]
- See https://www.freerdp.com/ for contact details