
46 matches found

Rockylinux
added 5 days ago, 5 views

freerdp security update

An update is available for freerdp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released...

CVSS 7.5, AI score 6.7, EPSS 0.00985
Exploits 0
Tenable Nessus
added 5 days ago, 4 views

RockyLinux 8 : freerdp (RLSA-2023:2851)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2851 advisory. freerdp: clients using /parallel command line switch might read uninitialized data (CVE-2022-39282); freerdp: clients using the /video command line switch...

CVSS 7.5, AI score 6.6, EPSS 0.00985
Exploits 0, References 19
AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free remote desktop protocol library and client. Affected versions of FreeRDP lack path canonicalization and base path checks for the drive channel. A malicious server can trick a FreeRDP-based client into reading files outside of the shared directory. This issue has been addressed i...

CVSS 5.7, AI score 5.9, EPSS 0.00889
Exploits 0, References 2
AstraLinux
added 2026/06/19 11:10 a.m., 2 views

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free remote desktop protocol library and client. Versions of FreeRDP affected by this issue lack input length validation in the “drive” channel. A malicious server can trick a FreeRDP-based client into reading out-of-bound data and sending it back to the server. This issue has been...

CVSS 4.6, AI score 5.9, EPSS 0.00719
Exploits 0, References 2
CVE
added 2026/04/24 2:24 a.m., 18 views

CVE-2026-40254

FreeRDP contains an off-by-one path traversal vulnerability in the drive channel (reads/list/write files one directory above the shared folder) due to a flaw in contains_dotdot() in channels/drive/client/drive_file.c. A rogue RDP server can exploit this when drive redirection is enabled, affectin...

CVSS 6.1, AI score 5.8, EPSS 0.002
Exploits 1, References 1, Affected Software 1
Tenable Nessus
added 2026/01/20 12:0 a.m., 5 views

MiracleLinux 8 : freerdp-2.2.0-10.el8 (AXSA:2023-5972:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5972:03 advisory. freerdp: clients using /parallel command line switch might read uninitialized data (CVE-2022-39282); freerdp: clients using the /video command line...

CVSS 7.5, AI score 6, EPSS 0.00985
Exploits 0, References 10
Tenable Nessus
added 2026/01/20 12:0 a.m., 6 views

MiracleLinux 9 : freerdp-2.4.1-5.el9 (AXSA:2023-5536:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5536:02 advisory. freerdp: clients using /parallel command line switch might read uninitialized data (CVE-2022-39282); freerdp: clients using the /video command line...

CVSS 7.5, AI score 6, EPSS 0.00985
Exploits 0, References 10
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-45039

Malicious code in bioql PyPI...

CVSS 4.6, AI score 4.7, EPSS 0.00719
Exploits 0, References 8
Tenable Nessus
added 2025/08/27 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-39347

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for drive...

CVSS 5.7, AI score 5.3, EPSS 0.00889
Exploits 0, References 2
Tenable Nessus
added 2024/01/12 12:0 a.m., 62 views

GLSA-202401-16 : FreeRDP: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202401-16 FreeRDP: Multiple Vulnerabilities - FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a...

CVSS 9.8, AI score 6.7, EPSS 0.01529
Exploits 17, References 27
Oracle linux
added 2023/05/24 12:0 a.m., 31 views

freerdp security update

2:2.2.0-10 - Fix 'implicit declaration of function' errors 2136153, 2145139 - 2:2.2.0-9 - CVE-2022-39282: Fix length checks in parallel driver 2136151 - CVE-2022-39283: Add missing length check in video channel 2136153 - CVE-2022-39316, CVE-2022-39317: Add missing length checks in zgfx 2145139 -...

CVSS 7.5, AI score 7, EPSS 0.00985
Exploits 0
RedHat Linux
added 2023/05/16 8:59 a.m., 13 views

freerdp: missing input length validation in `drive` channel

An out-of-bounds read vulnerability was discovered in FreeRDP due to improper input length validation in the drive channel. A malicious server can trick a FreeRDP based client to read out-of-bound data and send it back to the server...

CVSS 4.6, AI score 5.8, EPSS 0.00719
Exploits 0, References 5
OSV
added 2023/05/16 12:0 a.m., 30 views

ALSA-2023:2851 Moderate: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: freerdp: clients using /parallel command line switch might read...

CVSS 7.5, AI score 6.5, EPSS 0.00985
Exploits 0, References 20
Tenable Nessus
added 2023/05/15 12:0 a.m., 32 views

Oracle Linux 9 : freerdp (ELSA-2023-2326)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2326 advisory. - CVE-2022-39282: Fix length checks in parallel driver 2136152 - CVE-2022-39283: Add missing length check in video channel 2136154 - CVE-2022-39316,...

CVSS 7.5, AI score 5.7, EPSS 0.00985
Exploits 0, References 10
RedHat Linux
added 2023/05/09 10:2 a.m., 61 views

freerdp: missing path sanitation with `drive` channel

A directory traversal issue was discovered in FreeRDP. The vulnerability exists due to missing path canonicalization and base path check for the drive channel. A malicious server can trick a FreeRDP based client to read files outside of the shared directory. This issue allows an attacker to gain...

CVSS 5.7, AI score 5.8, EPSS 0.00889
Exploits 0, References 5
RedHat Linux
added 2023/05/09 10:2 a.m., 5 views

freerdp: missing input length validation in `drive` channel

An out-of-bounds read vulnerability was discovered in FreeRDP due to improper input length validation in the drive channel. A malicious server can trick a FreeRDP based client to read out-of-bound data and send it back to the server...

CVSS 4.6, AI score 5.8, EPSS 0.00719
Exploits 0, References 5
SUSE CVE
added 2023/02/15 3:23 a.m., 4 views

SUSE CVE-2022-39347

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for drive channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in...

CVSS 4.8, AI score 5.8, EPSS 0.00889
Exploits 0, References 4
SUSE CVE
added 2023/02/15 3:23 a.m., 2 views

SUSE CVE-2022-41877

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in drive channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version...

CVSS 3.7, AI score 5.9, EPSS 0.00719
Exploits 0, References 4
Tenable Nessus
added 2023/02/15 12:0 a.m., 30 views

SUSE SLED12: freerdp / freerdp-devel / freerdp-proxy / freerdp-server / etc (SUSE-SU-2023:0400-1)

The remote SUSE Linux SLED12 / SLEDSAP12 / SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0400-1 advisory. - CVE-2022-39316: Fixed out of bound read in zgfx decoder bsc1205512. - CVE-2022-39317: Fixed undefined...

CVSS 5.7, AI score 6.4, EPSS 0.00967
Exploits 0, References 12
Tenable Nessus
added 2022/12/24 12:0 a.m., 32 views

FreeBSD : freerdp -- multiple vulnerabilities (1f0421b1-8398-11ed-973d-002b67dfc673)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 1f0421b1-8398-11ed-973d-002b67dfc673 advisory. - FreeRDP is a free remote desktop protocol library and clients. In affected versions there is...

CVSS 5.7, AI score 5.2, EPSS 0.00967
Exploits 0, References 15