RHSA-2023:2326: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-39282: A vulnerability was found in FreeRDP where clients on UNIX systems using the /parallel command line switch might read uninitialized data and send it to the client's server. The vulnerability allows a remote attacker to gain access to sensitive information.
  • CVE-2022-39283: A vulnerability was found in FreeRDP where all clients using the /video command line switch might read uninitialized data, decode it as audio/video and display the result, leading to information disclosure.
  • CVE-2022-39316: An out-of-bounds read vulnerability was found in the ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP-based client into reading out-of-bounds data and trying to decode it. This results in a crash, causing a denial of service.
  • CVE-2022-39317: An out-of-bounds read vulnerability was discovered in FreeRDP due to a missing range check for the input offset index in the ZGFX decoder. A malicious server can trick a FreeRDP-based client into reading out-of-bounds data and trying to decode it, resulting in a crash.
  • CVE-2022-39318: A division-by-zero issue was found in FreeRDP's libusb_udevice.c in the urbdrc channel. This flaw exists due to missing input validation in the urbdrc channel. A malicious server can pass specially crafted data to the client, causing a crash and denial of service.
  • CVE-2022-39319: An out-of-bounds read vulnerability was discovered in FreeRDP due to improper input length validation in client/data_transfer.c in the urbdrc channel. A malicious server can trigger an out-of-bounds read by tricking a FreeRDP-based client into reading out-of-bounds data and sending it back to the server.
  • CVE-2022-39320: An out-of-bounds read vulnerability exists due to a boundary condition within the urbdrc channel. An integer addition on narrow types leads to the allocation of a buffer too small to hold the data written. A malicious server can trick a FreeRDP-based client into reading out-of-bounds data and sending it back to the server.
  • CVE-2022-39347: A directory traversal issue was discovered in FreeRDP. The vulnerability exists due to missing path canonicalization and a missing base path check for the drive channel. A malicious server can trick a FreeRDP-based client into reading files outside of the shared directory. This issue allows an attacker to gain access to sensitive information.
  • CVE-2022-41877: An out-of-bounds read vulnerability was discovered in FreeRDP due to improper input length validation in the drive channel. A malicious server can trick a FreeRDP-based client into reading out-of-bounds data and sending it back to the server.
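
The drive-channel issue in CVE-2022-39347 above is a missing canonicalization and base-path check on paths the server sends. The following C function is an added example of such a check, written for this page and not taken from FreeRDP; the function names, the 256-segment limit and the '/'-joined output are assumptions of the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Lexical canonicalisation plus base-path check of the kind the advisory
 * says the drive channel lacked. Added illustration, not FreeRDP's fix:
 * the function names, the 256-segment limit and the '/'-joined output are
 * assumptions of this example. */

/* Resolve a server-supplied path 'rel' (RDP drive paths use '\', '/' is
 * accepted as well) against the share root 'base'. Segments "." and "" are
 * dropped, ".." pops the previous segment, and a ".." that would climb
 * above the share root rejects the whole path. On success writes
 * "<base>/<seg>/<seg>..." to 'out' and returns true. */
bool drive_resolve_within_base(const char *base, const char *rel,
                               char *out, size_t outlen)
{
    const char *segs[256];
    size_t lens[256];
    size_t n = 0;

    for (const char *p = rel; *p; ) {
        const char *q = p;
        while (*q && *q != '/' && *q != '\\')
            q++;
        size_t len = (size_t)(q - p);

        if (len == 0 || (len == 1 && p[0] == '.')) {
            /* empty segment or ".": nothing to add */
        } else if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (n == 0)
                return false;      /* would escape the shared directory */
            n--;
        } else {
            if (n == sizeof segs / sizeof segs[0])
                return false;      /* too deep: reject instead of truncating */
            segs[n] = p;
            lens[n] = len;
            n++;
        }
        p = *q ? q + 1 : q;        /* skip the separator, if any */
    }

    /* Rebuild the path under 'base' with explicit bounds checks. */
    size_t used = strlen(base);
    if (used >= outlen)
        return false;
    memcpy(out, base, used);
    for (size_t i = 0; i < n; i++) {
        if (used + 1 + lens[i] >= outlen)
            return false;
        out[used++] = '/';
        memcpy(out + used, segs[i], lens[i]);
        used += lens[i];
    }
    out[used] = '\0';
    return true;
}

/* Convenience wrapper: 1 if 'rel' resolves to exactly 'expect', 0 if it
 * resolves somewhere else, -1 if the path is rejected. */
int drive_path_resolves_to(const char *base, const char *rel, const char *expect)
{
    char out[512];
    if (!drive_resolve_within_base(base, rel, out, sizeof out))
        return -1;
    return strcmp(out, expect) == 0 ? 1 : 0;
}
```

A lexical check does not see symlinks created inside the share; a second check with realpath(3) on the result catches those, but only for paths that already exist.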
Red Hat Security Data

Overview

Moderate: freerdp security update

Type/Severity

Security Advisory: Moderate

Topic

An update for freerdp is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

Security Fix(es):

  • freerdp: clients using `/parallel` command line switch might read uninitialized data (CVE-2022-39282)
  • freerdp: clients using the `/video` command line switch might read uninitialized data (CVE-2022-39283)
  • freerdp: out of bounds read in zgfx decoder (CVE-2022-39316)
  • freerdp: undefined behaviour in zgfx decoder (CVE-2022-39317)
  • freerdp: division by zero in urbdrc channel (CVE-2022-39318)
  • freerdp: missing length validation in urbdrc channel (CVE-2022-39319)
  • freerdp: heap buffer overflow in urbdrc channel (CVE-2022-39320)
  • freerdp: missing path sanitation with `drive` channel (CVE-2022-39347)
  • freerdp: missing input length validation in `drive` channel (CVE-2022-41877)
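
The urbdrc and drive channel fixes above all come down to trusting lengths that the server declares. The C code below is an added example, not FreeRDP's code, of the validation a client-side parser needs: the message layout, field names and sample bytes are constructed for this illustration and are not a real RDP PDU.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Length validation for a server-supplied message. Added illustration of the
 * bug classes this advisory lists for the urbdrc and drive channels (missing
 * input length validation, integer addition on narrow types), not FreeRDP's
 * own code. The layout is constructed for the example, not a real RDP PDU:
 *   u16 hdr_len | u16 payload_len | hdr_len bytes | payload_len bytes (LE)
 */

static uint16_t rd_u16le(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Copy header and payload into one newly allocated buffer. Returns the buffer
 * (caller frees) with its length in *out_len, or NULL when the declared
 * lengths are inconsistent with the bytes actually received. */
uint8_t *copy_message_checked(const uint8_t *in, size_t in_len, size_t *out_len)
{
    if (in_len < 4)
        return NULL;                     /* both length fields must be present */
    uint16_t hdr_len = rd_u16le(in);
    uint16_t payload_len = rd_u16le(in + 2);

    /* Add in a type wide enough that two 16-bit values cannot wrap. Storing
     * the sum back into a uint16_t would truncate (0xFFF0 + 0x20 -> 0x10),
     * and a later copy of the real lengths would overrun that allocation. */
    size_t total = (size_t)hdr_len + (size_t)payload_len;

    /* The declared lengths must be covered by what was received; otherwise
     * the copy reads past 'in' and ships whatever lies beyond it. */
    if (total > in_len - 4)
        return NULL;

    uint8_t *buf = malloc(total ? total : 1);
    if (!buf)
        return NULL;
    memcpy(buf, in + 4, total);
    *out_len = total;
    return buf;
}

/* The narrow arithmetic the CVE-2022-39320 description warns about:
 * int arithmetic, then truncation to 16 bits on assignment. */
uint16_t narrow_sum(uint16_t a, uint16_t b)
{
    uint16_t total = a + b;
    return total;
}

/* Constructed samples. */
static const uint8_t SAMPLE_OK[]    = {0x02, 0x00, 0x03, 0x00, 'H', 'h', 'a', 'b', 'c'};
static const uint8_t SAMPLE_SHORT[] = {0x02, 0x00, 0x10, 0x00, 'H', 'h', 'a'}; /* claims 16 payload bytes, carries 1 */
static const uint8_t SAMPLE_WRAP[]  = {0xF0, 0xFF, 0x20, 0x00, 'x'};           /* 0xFFF0 + 0x20 wraps in 16 bits */

/* Accepted total length, or -1 when the message is rejected. */
long checked_len(const uint8_t *in, size_t in_len)
{
    size_t n = 0;
    uint8_t *buf = copy_message_checked(in, in_len, &n);
    if (!buf)
        return -1;
    free(buf);
    return (long)n;
}
```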

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 9 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x

Fixes

  • BZ - 2134713 - CVE-2022-39282 freerdp: clients using `/parallel` command line switch might read uninitialized data
  • BZ - 2134717 - CVE-2022-39283 freerdp: clients using the `/video` command line switch might read uninitialized data
  • BZ - 2143642 - CVE-2022-39316 freerdp: out of bounds read in zgfx decoder
  • BZ - 2143643 - CVE-2022-39317 freerdp: undefined behaviour in zgfx decoder
  • BZ - 2143644 - CVE-2022-39318 freerdp: division by zero in urbdrc channel
  • BZ - 2143645 - CVE-2022-39319 freerdp: missing length validation in urbdrc channel
  • BZ - 2143646 - CVE-2022-39320 freerdp: heap buffer overflow in urbdrc channel
  • BZ - 2143647 - CVE-2022-39347 freerdp: missing path sanitation with `drive` channel
  • BZ - 2143648 - CVE-2022-41877 freerdp: missing input length validation in `drive` channel

CVE

  • CVE-2022-39282
  • CVE-2022-39283
  • CVE-2022-39316
  • CVE-2022-39317
  • CVE-2022-39318
  • CVE-2022-39319
  • CVE-2022-39320
  • CVE-2022-39347
  • CVE-2022-41877

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

Updated packages (all builds are freerdp-2.4.1-5.el9)

Red Hat Enterprise Linux for x86_64 9
  • SRPM: freerdp-2.4.1-5.el9.src.rpm
  • x86_64: freerdp, freerdp-debuginfo, freerdp-debugsource, freerdp-libs, freerdp-libs-debuginfo, libwinpr, libwinpr-debuginfo (i686 builds of all but the freerdp package ship alongside the x86_64 builds)

Red Hat Enterprise Linux for IBM z Systems 9
  • SRPM: freerdp-2.4.1-5.el9.src.rpm
  • s390x: freerdp, freerdp-debuginfo, freerdp-debugsource, freerdp-libs, freerdp-libs-debuginfo, libwinpr, libwinpr-debuginfo

Red Hat Enterprise Linux for Power, little endian 9
  • SRPM: freerdp-2.4.1-5.el9.src.rpm
  • ppc64le: freerdp, freerdp-debuginfo, freerdp-debugsource, freerdp-libs, freerdp-libs-debuginfo, libwinpr, libwinpr-debuginfo

Red Hat Enterprise Linux for ARM 64 9
  • SRPM: freerdp-2.4.1-5.el9.src.rpm
  • aarch64: freerdp, freerdp-debuginfo, freerdp-debugsource, freerdp-libs, freerdp-libs-debuginfo, libwinpr, libwinpr-debuginfo

Red Hat CodeReady Linux Builder for x86_64 9
  • x86_64 and i686: freerdp-debuginfo, freerdp-debugsource, freerdp-devel, freerdp-libs-debuginfo, libwinpr-debuginfo, libwinpr-devel

Red Hat CodeReady Linux Builder for Power, little endian 9
  • ppc64le: freerdp-debuginfo, freerdp-debugsource, freerdp-devel, freerdp-libs-debuginfo, libwinpr-debuginfo, libwinpr-devel

Red Hat CodeReady Linux Builder for ARM 64 9
  • aarch64: freerdp-debuginfo, freerdp-debugsource, freerdp-devel, freerdp-libs-debuginfo, libwinpr-debuginfo, libwinpr-devel

Red Hat CodeReady Linux Builder for IBM z Systems 9
  • s390x: freerdp-debuginfo, freerdp-debugsource, freerdp-devel, freerdp-libs-debuginfo, libwinpr-debuginfo, libwinpr-devel

Related news

Gentoo Linux Security Advisory 202401-16

Gentoo Linux Security Advisory 202401-16 - Multiple vulnerabilities have been discovered in FreeRDP, the worst of which could result in code execution. Versions greater than or equal to 2.11.0 are affected.

Ubuntu Security Notice USN-6522-2

Ubuntu Security Notice 6522-2 - USN-6522-1 fixed several vulnerabilities in FreeRDP. This update provides the corresponding update for Ubuntu 18.04 LTS. It was discovered that FreeRDP incorrectly handled drive redirection. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that FreeRDP incorrectly handled certain surface updates. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice USN-6522-1

Ubuntu Security Notice 6522-1 - It was discovered that FreeRDP incorrectly handled drive redirection. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that FreeRDP incorrectly handled certain surface updates. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code.

Red Hat Security Advisory 2023-2851-01

Red Hat Security Advisory 2023-2851-01 - FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Issues addressed include buffer overflow and out of bounds read vulnerabilities.

RHSA-2023:2851: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-39282: A vulnerability was found in FreeRDP where clients on UNIX systems using /parallel command line switch might read uninitialized data and send it to the client's server. The vulnerability allows a remote attacker to gain access to sensitive information. * CVE-2022-39283: A vulnerability was found in FreeRDP where all clients using the /video comma...

Ubuntu Security Notice USN-5734-1

Ubuntu Security Notice 5734-1 - It was discovered that FreeRDP incorrectly handled certain data lengths. A malicious server could use this issue to cause FreeRDP clients to crash, resulting in a denial of service, or possibly obtain sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. It was discovered that FreeRDP incorrectly handled certain data lengths. A malicious server could use this issue to cause FreeRDP clients to crash, resulting in a denial of service, or possibly obtain sensitive information.

CVE-2022-39319: Missing length validation in urbdrc channel

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in the `urbdrc` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.

CVE-2022-39318: Division by zero in urbdrc channel

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input validation in `urbdrc` channel. A malicious server can trick a FreeRDP based client to crash with division by zero. This issue has been addressed in version 2.9.0. All users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.

CVE-2022-39317: Undefined behaviour in zgfx decoder

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it. This issue has been addressed in version 2.9.0. There are no known workarounds for this issue.

CVE-2022-39320: Heap buffer overflow in urbdrc channel

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP may perform integer addition on types that are too narrow, which leads to the allocation of a buffer too small to hold the data written. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.

CVE-2022-41877: Missing input length validation in `drive` channel

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in `drive` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the drive redirection channel - command line options `/drive`, `+drives` or `+home-drive`.

CVE-2022-39316: Added missing length checks in zgfx_decompress_segment · FreeRDP/FreeRDP@e865c24

FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash. This issue has been addressed in the 2.9.0 release. Users are advised to upgrade.

CVE-2022-39347: Missing path sanitation with `drive` channel

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for `drive` channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/drive`, `/drives` or `+home-drive` redirection switch.

CVE-2022-39283: Release 2.8.1 · FreeRDP/FreeRDP

FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch.
