Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2022-39317
HistoryNov 16, 2022 - 9:15 p.m.

CVE-2022-39317

2022-11-1621:15:10
Debian Security Bug Tracker
security-tracker.debian.org
18
freerdp
zgfx decoder
input offset
version 2.9.0
security issue
remote desktop protocol
unix

CVSS3

4.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L

EPSS

0.001

Percentile

45.4%

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it. This issue has been addressed in version 2.9.0. There are no known workarounds for this issue.

CVSS3

4.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L

EPSS

0.001

Percentile

45.4%