ubuntucve / Ubuntu.com / UB:CVE-2022-39282
History: Oct 12, 2022 - 12:00 a.m.

CVE-2022-39282

freerdp
unix
data leakage

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.002
Percentile: 61.8%

FreeRDP is a free remote desktop protocol library and set of clients.
FreeRDP-based clients on Unix systems that use the /parallel command line
switch might read uninitialized data and send it to the server the client is
currently connected to. FreeRDP-based server implementations are not
affected. Please upgrade to 2.8.1, where this issue is patched. If you are
unable to upgrade, the workaround is to not use parallel port redirection
(the /parallel command line switch).

Notes

Author    Note
mdeslaur  malicious server could read uninitialized data from client

OS      OS Version  Architecture  Package   Package Version                   Filename
ubuntu  18.04       noarch        freerdp   < any                             UNKNOWN
ubuntu  16.04       noarch        freerdp   < any                             UNKNOWN
ubuntu  18.04       noarch        freerdp2  < 2.2.0+dfsg1-0ubuntu0.18.04.4    UNKNOWN
ubuntu  20.04       noarch        freerdp2  < 2.2.0+dfsg1-0ubuntu0.20.04.4    UNKNOWN
ubuntu  22.04       noarch        freerdp2  < 2.6.1+dfsg1-3ubuntu2.3          UNKNOWN
ubuntu  22.10       noarch        freerdp2  < 2.8.1+dfsg1-0ubuntu1            UNKNOWN
ubuntu  23.04       noarch        freerdp2  < 2.8.1+dfsg1-0ubuntu1            UNKNOWN
ubuntu  23.10       noarch        freerdp2  < 2.8.1+dfsg1-0ubuntu1            UNKNOWN
ubuntu  24.04       noarch        freerdp2  < 2.8.1+dfsg1-0ubuntu1            UNKNOWN
