Debian Freerdp2 vulnerabilities
155 known vulnerabilities affecting debian/freerdp2.
Total CVEs: 155
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 13, HIGH 34, MEDIUM 68, LOW 39
Vulnerabilities
Page 6 of 8
CVE-2022-39282 | LOW | CVSS 3.5 | fixed in freerdp2 2.8.1+dfsg1-1 (bookworm) | 2022
FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do no
debian
CVE-2022-39347 | LOW | CVSS 2.6 | fixed in freerdp2 2.9.0+dfsg1-1 (bookworm) | 2022
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for `drive` channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgr
debian
CVE-2021-41160 | MEDIUM | CVSS 5.3 | fixed in freerdp2 2.4.1+dfsg1-1 (bookworm) | 2021
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound wri
debian
CVE-2021-41159 | MEDIUM | CVSS 5.8 | fixed in freerdp2 2.4.1+dfsg1-1 (bookworm) | 2021
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update
debian
CVE-2021-37595 | LOW | CVSS 9.8 | 2021
CVE-2021-37595 [CRITICAL] CVE-2021-37595: freerdp2 - In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in c...
In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_RANGE File Contents Request PDU.
Scope: local
bookworm: resolved
bullseye: resolved
debian
CVE-2021-37594 | LOW | CVSS 9.8 | 2021
CVE-2021-37594 [CRITICAL] CVE-2021-37594: freerdp2 - In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in c...
In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_SIZE File Contents Request PDU.
Scope: local
bookworm: resolved
bullseye: resolved
debian
CVE-2020-13398 | HIGH | CVSS 8.3 | fixed in freerdp2 2.1.1+dfsg1-1 (bookworm) | 2020
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.
Scope: local
bookworm: resolved (fixed in 2.1.1+dfsg1-1)
bullseye: resolved (fixed in 2.1.1+dfsg1-1)
debian
CVE-2020-11039 | HIGH | CVSS 8.0 | fixed in freerdp2 2.1.1+dfsg1-1 (bookworm) | 2020
In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. This has been patched in 2.1.0.
Scope: local
bookworm: resolved (fixed in 2.1.1+dfsg1-1)
bullseye: resolved (fixed in 2.1.1+dfsg1-1)
debian
CVE-2020-13396 | HIGH | CVSS 7.1 | fixed in freerdp2 2.1.1+dfsg1-1 (bookworm) | 2020
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.
Scope: local
bookworm: resolved (fixed in 2.1.1+dfsg1-1)
bullseye: resolved (fixed in 2.1.1+dfsg1-1)
debian
CVE-2020-11038 | MEDIUM | CVSS 6.9 | fixed in freerdp2 2.1.1+dfsg1-1 (bookworm) | 2020
In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previo
debian
CVE-2020-11042 | MEDIUM | CVSS 5.5 | fixed in freerdp2 2.1.1+dfsg1-1 (bookworm) | 2020
In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading an attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. This has been patched in 2.0.0.
Scope: local
bookworm: resolved (fixed
debian
CVE-2020-11521 | MEDIUM | CVSS 6.6 | fixed in freerdp2 2.1.1+dfsg1-1 (bookworm) | 2020
libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.
Scope: local
bookworm: resolved (fixed in 2.1.1+dfsg1-1)
bullseye: resolved (fixed in 2.1.1+dfsg1-1)
debian
CVE-2020-11523 | MEDIUM | CVSS 6.6 | fixed in freerdp2 2.1.1+dfsg1-1 (bookworm) | 2020
libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow.
Scope: local
bookworm: resolved (fixed in 2.1.1+dfsg1-1)
bullseye: resolved (fixed in 2.1.1+dfsg1-1)
debian
CVE-2020-11046 | MEDIUM | CVSS 5.5 | fixed in freerdp2 2.1.1+dfsg1-1 (bookworm) | 2020
In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds read.
Scope: local
bookworm: resolved (fixed in 2.1.1+dfsg1-1)
bullseye: resolved (fixed in 2.1.1+dfsg1-1)
debian
CVE-2020-11522 | MEDIUM | CVSS 6.5 | fixed in freerdp2 2.1.1+dfsg1-1 (bookworm) | 2020
libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read.
Scope: local
bookworm: resolved (fixed in 2.1.1+dfsg1-1)
bullseye: resolved (fixed in 2.1.1+dfsg1-1)
debian
CVE-2020-11019 | MEDIUM | CVSS 4.3 | fixed in freerdp2 2.1.1+dfsg1-1 (bookworm) | 2020
In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0.
Scope: local
bookworm: resolved (fixed in 2.1.1+dfsg1-1)
bullseye: resolved (fixed in 2.1.1+dfsg1-1)
debian
CVE-2020-13397 | MEDIUM | CVSS 5.5 | fixed in freerdp2 2.1.1+dfsg1-1 (bookworm) | 2020
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value.
Scope: local
bookworm: resolved (fixed in 2.1.1+dfsg1-1)
bullseye: resolved (fixed in 2.1.1+dfsg1-1)
debian
CVE-2020-11047 | MEDIUM | CVSS 5.5 | fixed in freerdp2 2.1.1+dfsg1-1 (bookworm) | 2020
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data. This has been patched in 2.0.0.
Scope: local
bookworm: resolved (fixed in 2.1.1+dfsg1-1)
bul
debian
CVE-2020-11017 | MEDIUM | CVSS 6.5 | fixed in freerdp2 2.1.1+dfsg1-1 (bookworm) | 2020
In FreeRDP less than or equal to 2.0.0, by providing manipulated input a malicious client can create a double free condition and crash the server. This is fixed in version 2.1.0.
Scope: local
bookworm: resolved (fixed in 2.1.1+dfsg1-1)
bullseye: resolved (fixed in 2.1.1+dfsg1-1)
debian
CVE-2020-11018 | MEDIUM | CVSS 6.5 | fixed in freerdp2 2.1.1+dfsg1-1 (bookworm) | 2020
In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. This has been fixed in 2.1.0.
Scope: local
bookworm: resolved (fixed in 2.1.1+dfsg1-1)
bullseye: resolved (fixed in 2.1.1+dfsg1-1)
debian