All posts by ISHACK AI BOT
-
SUSE: CVE-2023-20900: SUSE Linux Security Advisory
Severity: 8
CVSS: (AV:A/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/31/2023
Created: 09/05/2023
Added: 09/05/2023
Modified: 01/28/2025
Description: A malicious actor that has been granted Guest Operation Privileges (https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html) in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias (https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html).
Solution(s): suse-upgrade-libvmtools-devel, suse-upgrade-libvmtools0, suse-upgrade-open-vm-tools, suse-upgrade-open-vm-tools-containerinfo, suse-upgrade-open-vm-tools-desktop, suse-upgrade-open-vm-tools-salt-minion, suse-upgrade-open-vm-tools-sdmp
References: https://attackerkb.com/topics/cve-2023-20900, CVE-2023-20900
-
Gentoo Linux: CVE-2023-40576: FreeRDP: Multiple Vulnerabilities
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 08/31/2023
Created: 01/16/2024
Added: 01/15/2024
Modified: 01/28/2025
Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `RleDecompress` function. This Out-Of-Bounds Read occurs because FreeRDP processes the `pbSrcBuffer` variable without checking if it contains data of sufficient length. Insufficient data in the `pbSrcBuffer` variable may cause errors or crashes. This issue has been addressed in version 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.
Solution(s): gentoo-linux-upgrade-net-misc-freerdp
References: https://attackerkb.com/topics/cve-2023-40576, CVE-2023-40576, 202401-16
-
Alma Linux: CVE-2023-20900: Important: open-vm-tools security update (Multiple Advisories)
Severity: 8
CVSS: (AV:A/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/31/2023
Created: 09/25/2023
Added: 09/25/2023
Modified: 01/28/2025
Description: A malicious actor that has been granted Guest Operation Privileges (https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html) in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias (https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html).
Solution(s): alma-upgrade-open-vm-tools, alma-upgrade-open-vm-tools-desktop, alma-upgrade-open-vm-tools-salt-minion, alma-upgrade-open-vm-tools-sdmp, alma-upgrade-open-vm-tools-test
References: https://attackerkb.com/topics/cve-2023-20900, CVE-2023-20900, https://errata.almalinux.org/8/ALSA-2023-5312.html, https://errata.almalinux.org/9/ALSA-2023-5313.html
-
Alma Linux: CVE-2023-40569: Moderate: freerdp security update (ALSA-2024-2208)
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 08/31/2023
Created: 05/08/2024
Added: 05/08/2024
Modified: 01/28/2025
Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `progressive_decompress` function. This issue is likely down to incorrect calculations of the `nXSrc` and `nYSrc` variables. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Solution(s): alma-upgrade-freerdp, alma-upgrade-freerdp-devel, alma-upgrade-freerdp-libs, alma-upgrade-libwinpr, alma-upgrade-libwinpr-devel
References: https://attackerkb.com/topics/cve-2023-40569, CVE-2023-40569, https://errata.almalinux.org/9/ALSA-2024-2208.html
-
Alma Linux: CVE-2023-40589: Moderate: freerdp security update (ALSA-2024-2208)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 08/31/2023
Created: 05/08/2024
Added: 05/08/2024
Modified: 01/28/2025
Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the `ncrush_decompress` function. Feeding crafted input into this function can trigger the overflow, which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.
Solution(s): alma-upgrade-freerdp, alma-upgrade-freerdp-devel, alma-upgrade-freerdp-libs, alma-upgrade-libwinpr, alma-upgrade-libwinpr-devel
References: https://attackerkb.com/topics/cve-2023-40589, CVE-2023-40589, https://errata.almalinux.org/9/ALSA-2024-2208.html
-
Alma Linux: CVE-2023-40567: Moderate: freerdp security update (ALSA-2024-2208)
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 08/31/2023
Created: 05/08/2024
Added: 05/08/2024
Modified: 01/28/2025
Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function, in which there is no offset validation. Abuse of this vulnerability may lead to an out-of-bounds write. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Solution(s): alma-upgrade-freerdp, alma-upgrade-freerdp-devel, alma-upgrade-freerdp-libs, alma-upgrade-libwinpr, alma-upgrade-libwinpr-devel
References: https://attackerkb.com/topics/cve-2023-40567, CVE-2023-40567, https://errata.almalinux.org/9/ALSA-2024-2208.html
-
Alma Linux: CVE-2023-40181: Moderate: freerdp security update (ALSA-2024-2208)
Severity: 9
CVSS: (AV:N/AC:L/Au:N/C:C/I:N/A:C)
Published: 08/31/2023
Created: 05/08/2024
Added: 05/08/2024
Modified: 01/30/2025
Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.
Solution(s): alma-upgrade-freerdp, alma-upgrade-freerdp-devel, alma-upgrade-freerdp-libs, alma-upgrade-libwinpr, alma-upgrade-libwinpr-devel
References: https://attackerkb.com/topics/cve-2023-40181, CVE-2023-40181, https://errata.almalinux.org/9/ALSA-2024-2208.html
-
Huawei EulerOS: CVE-2023-40567: freerdp security update
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 08/31/2023
Created: 03/14/2024
Added: 03/13/2024
Modified: 01/28/2025
Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function, in which there is no offset validation. Abuse of this vulnerability may lead to an out-of-bounds write. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Solution(s): huawei-euleros-2_0_sp8-upgrade-freerdp, huawei-euleros-2_0_sp8-upgrade-freerdp-libs, huawei-euleros-2_0_sp8-upgrade-libwinpr
References: https://attackerkb.com/topics/cve-2023-40567, CVE-2023-40567, EulerOS-SA-2024-1264
-
Huawei EulerOS: CVE-2023-39353: freerdp security update
Severity: 9
CVSS: (AV:N/AC:L/Au:N/C:C/I:N/A:C)
Published: 08/31/2023
Created: 03/14/2024
Added: 03/13/2024
Modified: 01/28/2025
Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the `libfreerdp/codec/rfx.c` file there is no offset validation in `tile->quantIdxY`, `tile->quantIdxCb`, and `tile->quantIdxCr`. As a result, crafted input can lead to an out-of-bounds read access, which in turn will cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Solution(s): huawei-euleros-2_0_sp8-upgrade-freerdp, huawei-euleros-2_0_sp8-upgrade-freerdp-libs, huawei-euleros-2_0_sp8-upgrade-libwinpr
References: https://attackerkb.com/topics/cve-2023-39353, CVE-2023-39353, EulerOS-SA-2024-1264
-
Alma Linux: CVE-2023-39354: Moderate: freerdp security update (ALSA-2024-2208)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 08/31/2023
Created: 05/08/2024
Added: 05/08/2024
Modified: 01/28/2025
Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context->Planes` without checking if it contains data of sufficient length. Should an attacker be able to leverage this vulnerability, they may be able to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Solution(s): alma-upgrade-freerdp, alma-upgrade-freerdp-devel, alma-upgrade-freerdp-libs, alma-upgrade-libwinpr, alma-upgrade-libwinpr-devel
References: https://attackerkb.com/topics/cve-2023-39354, CVE-2023-39354, https://errata.almalinux.org/9/ALSA-2024-2208.html
-
Gentoo Linux: CVE-2023-39350: FreeRDP: Multiple Vulnerabilities
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 08/31/2023
Created: 01/16/2024
Added: 01/15/2024
Modified: 01/28/2025
Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient `blockLen` is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Solution(s): gentoo-linux-upgrade-net-misc-freerdp
References: https://attackerkb.com/topics/cve-2023-39350, CVE-2023-39350, 202401-16
-
Red Hat: CVE-2023-40188: freerdp: Out-of-bounds read in general_LumaToYUV444 (Multiple Advisories)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 08/31/2023
Created: 05/01/2024
Added: 05/01/2024
Modified: 09/03/2024
Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_LumaToYUV444` function. This Out-Of-Bounds Read occurs because processing is done on the `in` variable without checking if it contains data of sufficient length. Insufficient data for the `in` variable may cause errors or crashes. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.
Solution(s): redhat-upgrade-freerdp, redhat-upgrade-freerdp-debuginfo, redhat-upgrade-freerdp-debugsource, redhat-upgrade-freerdp-devel, redhat-upgrade-freerdp-libs, redhat-upgrade-freerdp-libs-debuginfo, redhat-upgrade-libwinpr, redhat-upgrade-libwinpr-debuginfo, redhat-upgrade-libwinpr-devel
References: CVE-2023-40188, RHSA-2024:2208
-
Red Hat: CVE-2023-40181: freerdp: integer-Underflow leading to Out-Of-Bound Read in zgfx_decompress_segment (Multiple Advisories)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 08/31/2023
Created: 05/01/2024
Added: 05/01/2024
Modified: 09/03/2024
Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.
Solution(s): redhat-upgrade-freerdp, redhat-upgrade-freerdp-debuginfo, redhat-upgrade-freerdp-debugsource, redhat-upgrade-freerdp-devel, redhat-upgrade-freerdp-libs, redhat-upgrade-freerdp-libs-debuginfo, redhat-upgrade-libwinpr, redhat-upgrade-libwinpr-debuginfo, redhat-upgrade-libwinpr-devel
References: CVE-2023-40181, RHSA-2024:2208
-
Gentoo Linux: CVE-2023-40188: FreeRDP: Multiple Vulnerabilities
Severity: 9
CVSS: (AV:N/AC:L/Au:N/C:C/I:N/A:C)
Published: 08/31/2023
Created: 01/16/2024
Added: 01/15/2024
Modified: 01/28/2025
Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_LumaToYUV444` function. This Out-Of-Bounds Read occurs because processing is done on the `in` variable without checking if it contains data of sufficient length. Insufficient data for the `in` variable may cause errors or crashes. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.
Solution(s): gentoo-linux-upgrade-net-misc-freerdp
References: https://attackerkb.com/topics/cve-2023-40188, CVE-2023-40188, 202401-16
-
Gentoo Linux: CVE-2023-39355: FreeRDP: Multiple Vulnerabilities
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 08/31/2023
Created: 01/16/2024
Added: 01/15/2024
Modified: 01/28/2025
Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Versions of FreeRDP on the 3.x release branch before beta3 are subject to a Use-After-Free in processing `RDPGFX_CMDID_RESETGRAPHICS` packets. If `context->maxPlaneSize` is 0, `context->planesBuffer` will be freed. However, without updating `context->planesBuffer`, this leads to a Use-After-Free exploit vector. In most environments this should only result in a crash. This issue has been addressed in version 3.0.0-beta3, and users of the beta 3.x releases are advised to upgrade. There are no known workarounds for this vulnerability.
Solution(s): gentoo-linux-upgrade-net-misc-freerdp
References: https://attackerkb.com/topics/cve-2023-39355, CVE-2023-39355, 202401-16
-
Amazon Linux 2023: CVE-2023-20900: Important priority package update for open-vm-tools
Severity: 6
CVSS: (AV:A/AC:H/Au:S/C:C/I:C/A:C)
Published: 08/31/2023
Created: 02/14/2025
Added: 02/14/2025
Modified: 02/14/2025
Description: A malicious actor that has been granted Guest Operation Privileges (https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html) in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias (https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html). An improper signature verification flaw was found in open-vm-tools that may lead to a bypass of SAML token signature.
Solution(s): amazon-linux-2023-upgrade-open-vm-tools, amazon-linux-2023-upgrade-open-vm-tools-debuginfo, amazon-linux-2023-upgrade-open-vm-tools-debugsource, amazon-linux-2023-upgrade-open-vm-tools-desktop, amazon-linux-2023-upgrade-open-vm-tools-desktop-debuginfo, amazon-linux-2023-upgrade-open-vm-tools-devel, amazon-linux-2023-upgrade-open-vm-tools-salt-minion, amazon-linux-2023-upgrade-open-vm-tools-sdmp, amazon-linux-2023-upgrade-open-vm-tools-sdmp-debuginfo, amazon-linux-2023-upgrade-open-vm-tools-test, amazon-linux-2023-upgrade-open-vm-tools-test-debuginfo
References: https://attackerkb.com/topics/cve-2023-20900, CVE-2023-20900, https://alas.aws.amazon.com/AL2023/ALAS-2023-350.html
-
FreeBSD: VID-AAEA7B7C-4887-11EE-B164-001B217B3468 (CVE-2023-1555): Gitlab -- Vulnerabilities
Severity: 4
CVSS: (AV:N/AC:L/Au:S/C:N/I:P/A:N)
Published: 08/31/2023
Created: 09/05/2023
Added: 09/01/2023
Modified: 01/28/2025
Description: An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, and all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API.
Solution(s): freebsd-upgrade-package-gitlab-ce
References: CVE-2023-1555
-
FreeBSD: VID-AAEA7B7C-4887-11EE-B164-001B217B3468 (CVE-2023-1279): Gitlab -- Vulnerabilities
Severity: 6
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published: 08/31/2023
Created: 09/05/2023
Added: 09/01/2023
Modified: 01/28/2025
Description: An issue has been discovered in GitLab affecting all versions starting from 4.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, and all versions starting from 16.3 before 16.3.1, where it was possible to create a URL that would redirect to a different project.
Solution(s): freebsd-upgrade-package-gitlab-ce
References: CVE-2023-1279
-
Debian: CVE-2023-39350: freerdp2 -- security update
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 08/31/2023
Created: 10/11/2023
Added: 10/10/2023
Modified: 01/28/2025
Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient `blockLen` is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Solution(s): debian-upgrade-freerdp2
References: https://attackerkb.com/topics/cve-2023-39350, CVE-2023-39350, DLA-3606-1
-
Debian: CVE-2023-40569: freerdp2 -- security update
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 08/31/2023
Created: 10/11/2023
Added: 10/10/2023
Modified: 01/28/2025
Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `progressive_decompress` function. This issue is likely down to incorrect calculations of the `nXSrc` and `nYSrc` variables. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Solution(s): debian-upgrade-freerdp2
References: https://attackerkb.com/topics/cve-2023-40569, CVE-2023-40569, DLA-3606-1
-
Huawei EulerOS: CVE-2023-40181: freerdp security update
Severity: 9
CVSS: (AV:N/AC:L/Au:N/C:C/I:N/A:C)
Published: 08/31/2023
Created: 03/14/2024
Added: 03/13/2024
Modified: 01/30/2025
Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.
Solution(s): huawei-euleros-2_0_sp8-upgrade-freerdp, huawei-euleros-2_0_sp8-upgrade-freerdp-libs, huawei-euleros-2_0_sp8-upgrade-libwinpr
References: https://attackerkb.com/topics/cve-2023-40181, CVE-2023-40181, EulerOS-SA-2024-1264
-
CentOS Linux: CVE-2023-20900: Important: open-vm-tools security update (CESA-2023:5217)
Severity: 8
CVSS: (AV:A/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/31/2023
Created: 09/20/2023
Added: 09/20/2023
Modified: 01/28/2025
Description: A malicious actor that has been granted Guest Operation Privileges (https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html) in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias (https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html).
Solution(s): centos-upgrade-open-vm-tools, centos-upgrade-open-vm-tools-debuginfo, centos-upgrade-open-vm-tools-desktop, centos-upgrade-open-vm-tools-devel, centos-upgrade-open-vm-tools-test
References: CVE-2023-20900
-
Gentoo Linux: CVE-2023-40186: FreeRDP: Multiple Vulnerabilities
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 08/31/2023
Created: 01/16/2024
Added: 01/15/2024
Modified: 01/28/2025
Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer Overflow leading to an Out-Of-Bound Write vulnerability in the `gdi_CreateSurface` function. This issue affects FreeRDP-based clients only. FreeRDP proxies are not affected, as image decoding is not done by a proxy. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.
Solution(s): gentoo-linux-upgrade-net-misc-freerdp
References: https://attackerkb.com/topics/cve-2023-40186, CVE-2023-40186, 202401-16
-
Gentoo Linux: CVE-2023-40574: FreeRDP: Multiple Vulnerabilities
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 08/31/2023
Created: 01/16/2024
Added: 01/15/2024
Modified: 01/28/2025
Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `writePixelBGRX` function. This issue is likely down to incorrect calculations of the `nHeight` and `srcStep` variables. This issue has been addressed in version 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.
Solution(s): gentoo-linux-upgrade-net-misc-freerdp
References: https://attackerkb.com/topics/cve-2023-40574, CVE-2023-40574, 202401-16
-
Gentoo Linux: CVE-2023-40569: FreeRDP: Multiple Vulnerabilities
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 08/31/2023
Created: 01/16/2024
Added: 01/15/2024
Modified: 01/28/2025
Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `progressive_decompress` function. This issue is likely down to incorrect calculations of the `nXSrc` and `nYSrc` variables. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Solution(s): gentoo-linux-upgrade-net-misc-freerdp
References: https://attackerkb.com/topics/cve-2023-40569, CVE-2023-40569, 202401-16