CVE-2022-39283 FreeRDP may read and display out of bounds data

2022-10-1200:00:00

CWE-125

GitHub_M

www.cve.org

freerdp

cve-2022-39283

vulnerability

out of bounds data

patch

version 2.8.1

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.8

Confidence

High

EPSS

0.002

Percentile

57.4%

JSON

FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the /video command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the /video switch.

CNA Affected

[
  {
    "vendor": "FreeRDP",
    "product": "FreeRDP",
    "versions": [
      {
        "version": "<= 2.8.0",
        "status": "affected"
      }
    ]
  }
]