4.6 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
4.9 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:N/A:P
0.001 Low
EPSS
Percentile
48.9%
freerdp is vulnerable to out-of-bound reads. The vulnerability exists due to missing a range check for input offset index in ZGFX decoder which allows an attacker read out of bound data and send it back to the server.
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-99cm-4gw7-c8jh
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/
lists.fedoraproject.org/archives/list/[email protected]/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/
lists.fedoraproject.org/archives/list/[email protected]/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/
secdb.alpinelinux.org/edge/community.yaml
secdb.alpinelinux.org/v3.17/community.yaml
4.6 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
4.9 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:N/A:P
0.001 Low
EPSS
Percentile
48.9%