Source: Ubuntu.com (ubuntucve), UB:CVE-2023-39354
History: Aug 31, 2023 - 12:00 a.m.

CVE-2023-39354

Tags: freerdp, remote desktop protocol, out-of-bounds read, nsc_rle_decompress_data, apache license, vulnerability, upgrade, crash, unix

CVSS3: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001
Percentile: 23.3%

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP),
released under the Apache license. Affected versions are subject to an
out-of-bounds read in the nsc_rle_decompress_data function. The
out-of-bounds read occurs because the function processes context->Planes
without checking whether it contains data of sufficient length. An attacker
able to leverage this vulnerability may be able to cause a crash. This
issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are
advised to upgrade. There are no known workarounds for this vulnerability.

OS      Version  Architecture  Package   Version                                Filename
ubuntu  18.04    noarch        freerdp2  < 2.2.0+dfsg1-0ubuntu0.18.04.4+esm1    UNKNOWN
ubuntu  20.04    noarch        freerdp2  < 2.2.0+dfsg1-0ubuntu0.20.04.5         UNKNOWN
ubuntu  22.04    noarch        freerdp2  < 2.6.1+dfsg1-3ubuntu2.4               UNKNOWN
ubuntu  23.04    noarch        freerdp2  < 2.10.0+dfsg1-1ubuntu0.2              UNKNOWN
ubuntu  23.10    noarch        freerdp2  < 2.10.0+dfsg1-1.1ubuntu1              UNKNOWN
