CVE-2022-41877Improper Restriction of Operations within the Bounds of a Memory Buffer in Freerdp

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-1284Improper Validation of Specified Quantity in Input8 documents5 sources
Severity
4.6MEDIUMNVD
EPSS
0.2%
top 63.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
FreerdpDebian Freerdp2Fedoraproject Fedora
Timeline
PublishedNov 16
Latest updateDec 7

Description

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in `drive` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the drive redirection channel - command line options `/drive`, `+drives` or `+home-drive`.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:LExploitability: 2.1 | Impact: 2.5

Affected Packages2 packages

NVDfreerdp/freerdp< 2.9.0
debiandebian/freerdp2< freerdp2 2.9.0+dfsg1-1 (bookworm)

Also affects: Fedora 36, 37

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
OSV
freerdp2 vulnerabilities2023-12-07
OSV
freerdp2 vulnerabilities2023-11-29
OSV
CVE-2022-41877: FreeRDP is a free remote desktop protocol library and clients2022-11-16

📋Vendor Advisories

4
Ubuntu
FreeRDP vulnerabilities2023-12-07
Ubuntu
FreeRDP vulnerabilities2023-11-29
Red Hat
freerdp: missing input length validation in `drive` channel2022-11-16
Debian
CVE-2022-41877: freerdp2 - FreeRDP is a free remote desktop protocol library and clients. Affected versions...2022
CVE-2022-41877 — Freerdp vulnerability | cvebase