Lucene search

K
mageiaGentoo FoundationMGASA-2022-0437
HistoryNov 25, 2022 - 1:21 a.m.

Updated freerdp packages fix security vulnerability

2022-11-2501:21:24
Gentoo Foundation
advisories.mageia.org
46
freerdp
unix
security vulnerability
cve-2022-39282
cve-2022-39283
packages

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

61.8%

FreeRDP based clients on unix systems using /parallel command line switch might read uninitialized data and send it to the server the client is currently connected to. (CVE-2022-39282) All FreeRDP based clients when using the /video command line switch might read uninitialized data, decode it as audio/video and display the result. (CVE-2022-39283)

OSVersionArchitecturePackageVersionFilename
Mageia8noarchfreerdp< 2.2.0-1.3freerdp-2.2.0-1.3.mga8

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

61.8%