ISHACK AI BOT

Red Hat: CVE-2023-39356: freerdp: missing offset validation leading to Out-of-Bounds Read in gdi_multi_opaque_rect (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/31/2023 Created 05/01/2024 Added 05/01/2024 Modified 09/03/2024 Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function `gdi_multi_opaque_rect`. In particular there is no code to validate if the value `multi_opaque_rect->numRectangles` is less than 45. Looping through `multi_opaque_rect->`numRectangles without proper boundary checks can lead to Out-of-Bounds Read errors which will likely lead to a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) redhat-upgrade-freerdp redhat-upgrade-freerdp-debuginfo redhat-upgrade-freerdp-debugsource redhat-upgrade-freerdp-devel redhat-upgrade-freerdp-libs redhat-upgrade-freerdp-libs-debuginfo redhat-upgrade-libwinpr redhat-upgrade-libwinpr-debuginfo redhat-upgrade-libwinpr-devel References CVE-2023-39356 RHSA-2024:2208

Red Hat: CVE-2023-40567: freerdp: Out-of-bounds write in clear_decompress_bands_data (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/31/2023 Created 05/01/2024 Added 05/01/2024 Modified 09/03/2024 Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse of this vulnerability may lead to an out of bounds write. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability. Solution(s) redhat-upgrade-freerdp redhat-upgrade-freerdp-debuginfo redhat-upgrade-freerdp-debugsource redhat-upgrade-freerdp-devel redhat-upgrade-freerdp-libs redhat-upgrade-freerdp-libs-debuginfo redhat-upgrade-libwinpr redhat-upgrade-libwinpr-debuginfo redhat-upgrade-libwinpr-devel References CVE-2023-40567 RHSA-2024:2208

Gentoo Linux: CVE-2023-39351: FreeRDP: Multiple Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/31/2023 Created 01/16/2024 Added 01/15/2024 Modified 01/28/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to a Null Pointer Dereference leading a crash in the RemoteFX (rfx) handling.Inside the `rfx_process_message_tileset` function, the program allocates tiles using `rfx_allocate_tiles` for the number of numTiles. If the initialization process of tiles is not completed for various reasons, tiles will have a NULL pointer. Which may be accessed in further processing and would cause a program crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) gentoo-linux-upgrade-net-misc-freerdp References https://attackerkb.com/topics/cve-2023-39351 CVE - 2023-39351 202401-16

Ubuntu: USN-6401-1 (CVE-2023-39350): FreeRDP vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/31/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/28/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) ubuntu-pro-upgrade-libfreerdp2-2 ubuntu-pro-upgrade-libwinpr2-2 ubuntu-pro-upgrade-libwinpr2-dev References https://attackerkb.com/topics/cve-2023-39350 CVE - 2023-39350 USN-6401-1

Gentoo Linux: CVE-2023-40187: FreeRDP: Multiple Vulnerabilities Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/31/2023 Created 01/16/2024 Added 01/15/2024 Modified 01/28/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of the 3.x beta branch are subject to a Use-After-Free issue in the `avc420_ensure_buffer` and `avc444_ensure_buffer` functions. If the value of `piDstSize[x]` is 0, `ppYUVDstData[x]` will be freed. However, in this case `ppYUVDstData[x]` will not have been updated which leads to a Use-After-Free vulnerability. This issue has been addressed in version 3.0.0-beta3. Users of the 3.x beta releases are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) gentoo-linux-upgrade-net-misc-freerdp References https://attackerkb.com/topics/cve-2023-40187 CVE - 2023-40187 202401-16

Oracle Linux: CVE-2023-39351: ELSA-2024-2208:freerdp security update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/31/2023 Created 05/22/2024 Added 05/07/2024 Modified 11/30/2024 Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to a Null Pointer Dereference leading a crash in the RemoteFX (rfx) handling.Inside the `rfx_process_message_tileset` function, the program allocates tiles using `rfx_allocate_tiles` for the number of numTiles. If the initialization process of tiles is not completed for various reasons, tiles will have a NULL pointer. Which may be accessed in further processing and would cause a program crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. A flaw was found in FreeRDP. If the initialization process of tiles is incomplete, for various reasons, tiles will have a NULL pointer. This can be accessed in further processing, causing a program crash. Solution(s) oracle-linux-upgrade-freerdp oracle-linux-upgrade-freerdp-devel oracle-linux-upgrade-freerdp-libs oracle-linux-upgrade-libwinpr oracle-linux-upgrade-libwinpr-devel References https://attackerkb.com/topics/cve-2023-39351 CVE - 2023-39351 ELSA-2024-2208

Red Hat: CVE-2023-40589: freerdp: buffer overflow in ncrush_decompress causes crash with crafted input (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/31/2023 Created 05/01/2024 Added 05/01/2024 Modified 09/03/2024 Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. Solution(s) redhat-upgrade-freerdp redhat-upgrade-freerdp-debuginfo redhat-upgrade-freerdp-debugsource redhat-upgrade-freerdp-devel redhat-upgrade-freerdp-libs redhat-upgrade-freerdp-libs-debuginfo redhat-upgrade-libwinpr redhat-upgrade-libwinpr-debuginfo redhat-upgrade-libwinpr-devel References CVE-2023-40589 RHSA-2024:2208

Ubuntu: USN-6401-1 (CVE-2023-39351): FreeRDP vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/31/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/28/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to a Null Pointer Dereference leading a crash in the RemoteFX (rfx) handling.Inside the `rfx_process_message_tileset` function, the program allocates tiles using `rfx_allocate_tiles` for the number of numTiles. If the initialization process of tiles is not completed for various reasons, tiles will have a NULL pointer. Which may be accessed in further processing and would cause a program crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) ubuntu-pro-upgrade-libfreerdp2-2 ubuntu-pro-upgrade-libwinpr2-2 ubuntu-pro-upgrade-libwinpr2-dev References https://attackerkb.com/topics/cve-2023-39351 CVE - 2023-39351 USN-6401-1

SUSE: CVE-2023-40181: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:C) Published 08/31/2023 Created 12/01/2023 Added 11/30/2023 Modified 01/28/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. Solution(s) suse-upgrade-freerdp suse-upgrade-freerdp-devel suse-upgrade-freerdp-proxy suse-upgrade-freerdp-server suse-upgrade-freerdp-wayland suse-upgrade-libfreerdp2 suse-upgrade-libuwac0-0 suse-upgrade-libwinpr2 suse-upgrade-uwac0-0-devel suse-upgrade-winpr2-devel References https://attackerkb.com/topics/cve-2023-40181 CVE - 2023-40181

SUSE: CVE-2023-39354: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/31/2023 Created 12/01/2023 Added 11/30/2023 Modified 01/28/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context->Planes` withoutchecking if it contains data of sufficient length. Should an attacker be able to leverage this vulnerability they may be able to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) suse-upgrade-freerdp suse-upgrade-freerdp-devel suse-upgrade-freerdp-proxy suse-upgrade-freerdp-server suse-upgrade-freerdp-wayland suse-upgrade-libfreerdp2 suse-upgrade-libuwac0-0 suse-upgrade-libwinpr2 suse-upgrade-uwac0-0-devel suse-upgrade-winpr2-devel References https://attackerkb.com/topics/cve-2023-39354 CVE - 2023-39354

SUSE: CVE-2023-39353: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:C) Published 08/31/2023 Created 12/01/2023 Added 11/30/2023 Modified 01/28/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the `libfreerdp/codec/rfx.c` file there is no offset validation in `tile->quantIdxY`, `tile->quantIdxCb`, and `tile->quantIdxCr`. As a result crafted input can lead to an out of bounds read access which in turn will cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) suse-upgrade-freerdp suse-upgrade-freerdp-devel suse-upgrade-freerdp-proxy suse-upgrade-freerdp-server suse-upgrade-freerdp-wayland suse-upgrade-libfreerdp2 suse-upgrade-libuwac0-0 suse-upgrade-libwinpr2 suse-upgrade-uwac0-0-devel suse-upgrade-winpr2-devel References https://attackerkb.com/topics/cve-2023-39353 CVE - 2023-39353

Ubuntu: USN-6401-1 (CVE-2023-40186): FreeRDP vulnerabilities Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/31/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/28/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the `gdi_CreateSurface` function. This issue affects FreeRDP based clients only. FreeRDP proxies are not affected as image decoding is not done by a proxy. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. Solution(s) ubuntu-pro-upgrade-libfreerdp2-2 ubuntu-pro-upgrade-libwinpr2-2 ubuntu-pro-upgrade-libwinpr2-dev References https://attackerkb.com/topics/cve-2023-40186 CVE - 2023-40186 USN-6401-1

Ubuntu: USN-6401-1 (CVE-2023-39353): FreeRDP vulnerabilities Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:C) Published 08/31/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/28/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the `libfreerdp/codec/rfx.c` file there is no offset validation in `tile->quantIdxY`, `tile->quantIdxCb`, and `tile->quantIdxCr`. As a result crafted input can lead to an out of bounds read access which in turn will cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) ubuntu-pro-upgrade-libfreerdp2-2 ubuntu-pro-upgrade-libwinpr2-2 ubuntu-pro-upgrade-libwinpr2-dev References https://attackerkb.com/topics/cve-2023-39353 CVE - 2023-39353 USN-6401-1

Ubuntu: USN-6401-1 (CVE-2023-40589): FreeRDP vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/31/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/28/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. Solution(s) ubuntu-pro-upgrade-libfreerdp2-2 ubuntu-pro-upgrade-libwinpr2-2 ubuntu-pro-upgrade-libwinpr2-dev References https://attackerkb.com/topics/cve-2023-40589 CVE - 2023-40589 USN-6401-1

Ubuntu: USN-6401-1 (CVE-2023-40181): FreeRDP vulnerabilities Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:C) Published 08/31/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/30/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. Solution(s) ubuntu-pro-upgrade-libfreerdp2-2 ubuntu-pro-upgrade-libwinpr2-2 ubuntu-pro-upgrade-libwinpr2-dev References https://attackerkb.com/topics/cve-2023-40181 CVE - 2023-40181 USN-6401-1

Amazon Linux AMI 2: CVE-2023-40569: Security patch for freerdp (ALAS-2023-2269) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/31/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/28/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `progressive_decompress` function. This issue is likely down to incorrect calculations of the `nXSrc` and `nYSrc` variables. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability. Solution(s) amazon-linux-ami-2-upgrade-freerdp amazon-linux-ami-2-upgrade-freerdp-debuginfo amazon-linux-ami-2-upgrade-freerdp-devel amazon-linux-ami-2-upgrade-freerdp-libs amazon-linux-ami-2-upgrade-libwinpr amazon-linux-ami-2-upgrade-libwinpr-devel References https://attackerkb.com/topics/cve-2023-40569 AL2/ALAS-2023-2269 CVE - 2023-40569

Debian: CVE-2023-20900: open-vm-tools -- security update Severity 8 CVSS (AV:A/AC:M/Au:N/C:C/I:C/A:C) Published 08/31/2023 Created 09/13/2023 Added 09/12/2023 Modified 01/28/2025 Description A malicious actor that has been grantedGuest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privilegedGuest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . Solution(s) debian-upgrade-open-vm-tools References https://attackerkb.com/topics/cve-2023-20900 CVE - 2023-20900 DSA-5493-1

Debian: CVE-2023-40181: freerdp2 -- security update Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:C) Published 08/31/2023 Created 10/11/2023 Added 10/10/2023 Modified 01/30/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. Solution(s) debian-upgrade-freerdp2 References https://attackerkb.com/topics/cve-2023-40181 CVE - 2023-40181 DLA-3606-1

Huawei EulerOS: CVE-2023-40589: freerdp security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/31/2023 Created 03/14/2024 Added 03/13/2024 Modified 01/28/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. Solution(s) huawei-euleros-2_0_sp8-upgrade-freerdp huawei-euleros-2_0_sp8-upgrade-freerdp-libs huawei-euleros-2_0_sp8-upgrade-libwinpr References https://attackerkb.com/topics/cve-2023-40589 CVE - 2023-40589 EulerOS-SA-2024-1264

Alma Linux: CVE-2023-39356: Moderate: freerdp security update (ALSA-2024-2208) Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:C) Published 08/31/2023 Created 05/08/2024 Added 05/08/2024 Modified 01/28/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function `gdi_multi_opaque_rect`. In particular there is no code to validate if the value `multi_opaque_rect->numRectangles` is less than 45. Looping through `multi_opaque_rect->`numRectangles without proper boundary checks can lead to Out-of-Bounds Read errors which will likely lead to a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) alma-upgrade-freerdp alma-upgrade-freerdp-devel alma-upgrade-freerdp-libs alma-upgrade-libwinpr alma-upgrade-libwinpr-devel References https://attackerkb.com/topics/cve-2023-39356 CVE - 2023-39356 https://errata.almalinux.org/9/ALSA-2024-2208.html

Alma Linux: CVE-2023-39353: Moderate: freerdp security update (ALSA-2024-2208) Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:C) Published 08/31/2023 Created 05/08/2024 Added 05/08/2024 Modified 01/28/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the `libfreerdp/codec/rfx.c` file there is no offset validation in `tile->quantIdxY`, `tile->quantIdxCb`, and `tile->quantIdxCr`. As a result crafted input can lead to an out of bounds read access which in turn will cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) alma-upgrade-freerdp alma-upgrade-freerdp-devel alma-upgrade-freerdp-libs alma-upgrade-libwinpr alma-upgrade-libwinpr-devel References https://attackerkb.com/topics/cve-2023-39353 CVE - 2023-39353 https://errata.almalinux.org/9/ALSA-2024-2208.html

Huawei EulerOS: CVE-2023-39356: freerdp security update Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:C) Published 08/31/2023 Created 03/14/2024 Added 03/13/2024 Modified 01/28/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function `gdi_multi_opaque_rect`. In particular there is no code to validate if the value `multi_opaque_rect->numRectangles` is less than 45. Looping through `multi_opaque_rect->`numRectangles without proper boundary checks can lead to Out-of-Bounds Read errors which will likely lead to a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) huawei-euleros-2_0_sp8-upgrade-freerdp huawei-euleros-2_0_sp8-upgrade-freerdp-libs huawei-euleros-2_0_sp8-upgrade-libwinpr References https://attackerkb.com/topics/cve-2023-39356 CVE - 2023-39356 EulerOS-SA-2024-1264

Huawei EulerOS: CVE-2023-39354: freerdp security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/31/2023 Created 03/14/2024 Added 03/13/2024 Modified 01/28/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context->Planes` withoutchecking if it contains data of sufficient length. Should an attacker be able to leverage this vulnerability they may be able to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) huawei-euleros-2_0_sp8-upgrade-freerdp huawei-euleros-2_0_sp8-upgrade-freerdp-libs huawei-euleros-2_0_sp8-upgrade-libwinpr References https://attackerkb.com/topics/cve-2023-39354 CVE - 2023-39354 EulerOS-SA-2024-1264

Red Hat: CVE-2023-40186: freerdp: Integer overflow leading to out-of-bound write vulnerability in gdi_CreateSurface (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/31/2023 Created 05/01/2024 Added 05/01/2024 Modified 09/03/2024 Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the `gdi_CreateSurface` function. This issue affects FreeRDP based clients only. FreeRDP proxies are not affected as image decoding is not done by a proxy. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. Solution(s) redhat-upgrade-freerdp redhat-upgrade-freerdp-debuginfo redhat-upgrade-freerdp-debugsource redhat-upgrade-freerdp-devel redhat-upgrade-freerdp-libs redhat-upgrade-freerdp-libs-debuginfo redhat-upgrade-libwinpr redhat-upgrade-libwinpr-debuginfo redhat-upgrade-libwinpr-devel References CVE-2023-40186 RHSA-2024:2208

Debian: CVE-2023-39352: freerdp2 -- security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/31/2023 Created 10/11/2023 Added 10/10/2023 Modified 01/28/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be triggered when the values `rect->left` and `rect->top` are exactly equal to `surface->width` and`surface->height`. eg. `rect->left` == `surface->width` && `rect->top` == `surface->height`. In practice this should cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) debian-upgrade-freerdp2 References https://attackerkb.com/topics/cve-2023-39352 CVE - 2023-39352 DLA-3606-1