Lucene search

K
prionPRIOn knowledge basePRION:CVE-2023-40181
HistoryAug 31, 2023 - 10:15 p.m.

Integer overflow

2023-08-3122:15:00
PRIOn knowledge base
www.prio-n.com
6
freerdp
rdp
integer-underflow
zgfx_decompress_segment
out-of-bound read
copymemory
crash
upgrade

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

38.3%

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the zgfx_decompress_segment function. In the context of CopyMemory, it’s possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.