Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-39352
HistoryAug 31, 2023 - 12:00 a.m.

CVE-2023-39352

2023-08-3100:00:00
ubuntu.com
ubuntu.com
9
freerdp
apache license
out of bound write
vulnerability
2.11.0
3.0.0-beta3
upgrade

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.003

Percentile

70.3%

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP),
released under the Apache license. Affected versions are subject to an
invalid offset validation leading to Out Of Bound Write. This can be
triggered when the values rect->left and rect->top are exactly equal to
surface->width and surface->height. eg. rect->left ==
surface->width && rect->top == surface->height. In practice this
should cause a crash. This issue has been addressed in versions 2.11.0 and
3.0.0-beta3. Users are advised to upgrade. There are no known workarounds
for this vulnerability.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchfreerdp2< 2.2.0+dfsg1-0ubuntu0.18.04.4+esm2UNKNOWN
ubuntu20.04noarchfreerdp2< 2.2.0+dfsg1-0ubuntu0.20.04.6UNKNOWN
ubuntu22.04noarchfreerdp2< 2.6.1+dfsg1-3ubuntu2.5UNKNOWN
ubuntu23.04noarchfreerdp2< 2.10.0+dfsg1-1ubuntu0.3UNKNOWN
ubuntu23.10noarchfreerdp2< 2.10.0+dfsg1-1.1ubuntu1.1UNKNOWN

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.003

Percentile

70.3%