CVE-2021-41160Out-of-bounds Write in Freerdp

CWE-787Out-of-bounds Write6 documents5 sources
Severity
8.8HIGHNVD
EPSS
0.1%
top 70.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
FreerdpDebian Freerdp2Fedoraproject Fedora
Timeline
PublishedOct 21
Latest updateNov 23

Description

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDfreerdp/freerdp< 2.4.1
debiandebian/freerdp2< freerdp2 2.4.1+dfsg1-1 (bookworm)

Also affects: Fedora 33, 34, 35

🔴Vulnerability Details

2
OSV
freerdp2 vulnerabilities2021-11-23
OSV
CVE-2021-41160: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license2021-10-21

📋Vendor Advisories

3
Ubuntu
FreeRDP vulnerabilities2021-11-23
Red Hat
freerdp: improper region checks in all clients allow out of bound write to memory2021-10-21
Debian
CVE-2021-41160: freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released ...2021
CVE-2021-41160 — Out-of-bounds Write in Freerdp | cvebase