Vulners
Lucene search
MiracleLinux 7 : freerdp-2.1.1-5.0.1.el7.AXS7 (AXSA:2024-8644:02)
| Reporter | Title | Published | Views | Family All 416 |
|---|---|---|---|---|
 | Amazon Linux 2 : freerdp (ALAS-2023-2269) | 5 Oct 202300:00 | – | nessus |
| Amazon Linux 2 : freerdp (ALAS-2024-2537) | 15 May 202400:00 | – | nessus |
| Debian dla-3606 : freerdp2-dev - security update | 8 Oct 202300:00 | – | nessus |
| Debian dla-4053 : freerdp2-dev - security update | 15 Feb 202500:00 | – | nessus |
| EulerOS 2.0 SP8 : freerdp (EulerOS-SA-2024-1264) | 12 Mar 202400:00 | – | nessus |
| EulerOS 2.0 SP8 : freerdp (EulerOS-SA-2024-2027) | 22 Jul 202400:00 | – | nessus |
| EulerOS 2.0 SP8 : freerdp (EulerOS-SA-2024-2465) | 24 Sep 202400:00 | – | nessus |
| Fedora 38 : freerdp (2023-10e43bcebb) | 10 Sep 202300:00 | – | nessus |
| Fedora 37 : freerdp (2023-5e6796cb83) | 21 Sep 202300:00 | – | nessus |
| Fedora 39 : freerdp (2023-74108ca60d) | 7 Nov 202300:00 | – | nessus |
10
10
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2024-8644:02.
##
include('compat.inc');
if (description)
{
script_id(292152);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/20");
script_cve_id(
"CVE-2023-39350",
"CVE-2023-39351",
"CVE-2023-39352",
"CVE-2023-39353",
"CVE-2023-39356",
"CVE-2023-40181",
"CVE-2023-40186",
"CVE-2023-40188",
"CVE-2023-40567",
"CVE-2023-40569",
"CVE-2023-40589",
"CVE-2024-22211"
);
script_name(english:"MiracleLinux 7 : freerdp-2.1.1-5.0.1.el7.AXS7 (AXSA:2024-8644:02)");
script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2024-8644:02 advisory.
* CVE-2023-39352: add bound check in gdi_SolidFill
* CVE-2023-39353: check indices are within range
* CVE-2023-39356: fix checks for multi opaque rect
* CVE-2023-40181: fix cBitsRemaining calculation
* CVE-2023-40186: fix integer multiplications
* CVE-2023-40188: fix input length validation
* CVE-2023-40567: fix missing bounds checks
* CVE-2023-40569: fix missing destination checks
* CVE-2024-22211: check resolution for overflow
* CVE-2023-39351: free content of currentMessage on fail
* CVE-2023-39350: fix possible out of bound read
* CVE-2023-40589: properly verify all offsets while decoding data
CVE(s):
CVE-2023-39350
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license.
This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with
default compilation flags). When an insufficient blockLen is provided, and proper length validation is not
performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has
been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known
workarounds for this vulnerability.
CVE-2023-39351
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license.
Affected versions of FreeRDP are subject to a Null Pointer Dereference leading a crash in the RemoteFX
(rfx) handling. Inside the `rfx_process_message_tileset` function, the program allocates tiles using
`rfx_allocate_tiles` for the number of numTiles. If the initialization process of tiles is not completed
for various reasons, tiles will have a NULL pointer. Which may be accessed in further processing and would
cause a program crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised
to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-39352
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license.
Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be
triggered when the values `rect->left` and `rect->top` are exactly equal to `surface->width` and
`surface->height`. eg. `rect->left` == `surface->width` && `rect->top` == `surface->height`. In practice
this should cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are
advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-39353
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license.
Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the
`libfreerdp/codec/rfx.c` file there is no offset validation in `tile->quantIdxY`, `tile->quantIdxCb`, and
`tile->quantIdxCr`. As a result crafted input can lead to an out of bounds read access which in turn will
cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to
upgrade. There are no known workarounds for this vulnerability.
CVE-2023-39356
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license.
In affected versions a missing offset validation may lead to an Out Of Bound Read in the function
`gdi_multi_opaque_rect`. In particular there is no code to validate if the value
`multi_opaque_rect->numRectangles` is less than 45. Looping through `multi_opaque_rect->`numRectangles
without proper boundary checks can lead to Out-of-Bounds Read errors which will likely lead to a crash.
This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are
no known workarounds for this vulnerability.
CVE-2023-40181
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license.
Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the
`zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to read data beyond the
transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and
3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2023-40186
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license.
Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the
`gdi_CreateSurface` function. This issue affects FreeRDP based clients only. FreeRDP proxies are not
affected as image decoding is not done by a proxy. This issue has been addressed in versions 2.11.0 and
3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2023-40188
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license.
Affected versions are subject to an Out-Of-Bounds Read in the `general_LumaToYUV444` function. This Out-
Of-Bounds Read occurs because processing is done on the `in` variable without checking if it contains data
of sufficient length. Insufficient data for the `in` variable may cause errors or crashes. This issue has
been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known
workarounds for this issue.
CVE-2023-40567
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license.
Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in
which there is no offset validation. Abuse of this vulnerability may lead to an out of bounds write. This
issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no
known workarounds for this vulnerability.
CVE-2023-40569
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license.
Affected versions are subject to an Out-Of-Bounds Write in the `progressive_decompress` function. This
issue is likely down to incorrect calculations of the `nXSrc` and `nYSrc` variables. This issue has been
addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds
for this vulnerability.
CVE-2023-40589
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license.
In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted
input into this function can trigger the overflow which has only been shown to cause a crash. This issue
has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known
workarounds for this issue.
CVE-2024-22211
FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions
an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. This affects
FreeRDP based clients. FreeRDP based server implementations and proxy are not affected. A malicious server
could prepare a `RDPGFX_RESET_GRAPHICS_PDU` to allocate too small buffers, possibly triggering later out
of bound read/write. Data extraction over network is not possible, the buffers are used to display an
image. This issue has been addressed in version 2.11.5 and 3.2.0. Users are advised to upgrade. there are
no know workarounds for this vulnerability.
Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/19828");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-22211");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vendor_severity", value:"High");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/08/31");
script_set_attribute(attribute:"patch_publication_date", value:"2024/08/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/20");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:freerdp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:freerdp-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:libwinpr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:libwinpr-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:7");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Miracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");
exit(0);
}
include('rpm2.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^7([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 7.x', 'MIRACLE LINUX ' + os_version);
if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);
var constraints = [
{
'release': '7',
'pkgs': [
{'reference':'freerdp-2.1.1-5.0.1.el7.AXS7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'freerdp-libs-2.1.1-5.0.1.el7.AXS7', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'freerdp-libs-2.1.1-5.0.1.el7.AXS7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'libwinpr-2.1.1-5.0.1.el7.AXS7', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'libwinpr-2.1.1-5.0.1.el7.AXS7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'libwinpr-devel-2.1.1-5.0.1.el7.AXS7', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'libwinpr-devel-2.1.1-5.0.1.el7.AXS7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
]
}
];
var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');
var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
# Check that the target release is equal to the affected release
if (!empty_or_null(constraint['release'])){
if (constraint['release'] != os_release) continue;
}
if (!empty_or_null(constraint['sp'])){
if (constraint['sp'] != os_sp) continue;
}
foreach var pkg ( constraint['pkgs'] ) {
reference = NULL;
sp = NULL;
_cpu = NULL;
el_string = NULL;
rpm_spec_vers_cmp = NULL;
epoch = NULL;
allowmaj = NULL;
exists_check = NULL;
cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
## (no known rpm to check OR known rpm_exists)
(!exists_check || rpm_exists(rpm:exists_check)) &&
rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freerdp / freerdp-libs / libwinpr / libwinpr-devel');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
20 Jan 2026 00:00Current
6Medium risk
Vulners AI Score6
CVSS 3.16.5 - 9.8
EPSS0.00868
SSVC