Ubuntu.comUB:CVE-2023-40188CVE-2023-40188
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS
Percentile
52.0%
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP),
released under the Apache license. Affected versions are subject to an
Out-Of-Bounds Read in the general_LumaToYUV444 function. This
Out-Of-Bounds Read occurs because processing is done on the in variable
without checking if it contains data of sufficient length. Insufficient
data for the in variable may cause errors or crashes. This issue has been
addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade.
There are no known workarounds for this issue.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | freerdp2 | < 2.2.0+dfsg1-0ubuntu0.18.04.4+esm1 | UNKNOWN |
| ubuntu | 20.04 | noarch | freerdp2 | < 2.2.0+dfsg1-0ubuntu0.20.04.5 | UNKNOWN |
| ubuntu | 22.04 | noarch | freerdp2 | < 2.6.1+dfsg1-3ubuntu2.4 | UNKNOWN |
| ubuntu | 23.04 | noarch | freerdp2 | < 2.10.0+dfsg1-1ubuntu0.2 | UNKNOWN |
| ubuntu | 23.10 | noarch | freerdp2 | < 2.10.0+dfsg1-1.1ubuntu1 | UNKNOWN |
References
github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/nsc.c#L115-L175
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9w28-wwj5-p4xq
launchpad.net/bugs/cve/CVE-2023-40188
nvd.nist.gov/vuln/detail/CVE-2023-40188
security-tracker.debian.org/tracker/CVE-2023-40188
ubuntu.com/security/notices/USN-6401-1
www.cve.org/CVERecord?id=CVE-2023-40188
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS
Percentile
52.0%