Lucene search

K
freebsdFreeBSDDD271DE6-B444-11ED-9268-B42E991FC52E
HistoryOct 13, 2022 - 12:00 a.m.

freerdp -- clients using the `/video` command line switch might read uninitialized data

2022-10-1300:00:00
vuxml.freebsd.org
10
freerdp
clients
video
command line
uninitialized data
audio
display
server
implementations
unix

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

57.4%

MITRE reports:

  All FreeRDP based clients when using the `/video`
  command line switch might read uninitialized data, decode
  it as audio/video and display the result. FreeRDP based
  server implementations are not affected.
OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchfreerdp< 2.8.1UNKNOWN

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

57.4%