Veracode Vulnerability DatabaseVERACODE:38237Denial Of Service (DoS)
5.7 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
40.7%
freerdp is vulnerable vulnerable to denial of service. The vulnerability exists due to an out of bound read in ZGFX decoder component of FreeRDP which allows an attacker to read out of bound data and try to decode it likely resulting in a crash.
References
github.com/FreeRDP/FreeRDP/commit/e865c24efc40ebc52e75979c94cdd4ee2c1495b0
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5w4j-mrrh-jjrm
lists.debian.org/debian-lts-announce/2023/11/msg00010.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/
lists.fedoraproject.org/archives/list/[email protected]/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/
lists.fedoraproject.org/archives/list/[email protected]/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/
secdb.alpinelinux.org/edge/community.yaml
secdb.alpinelinux.org/v3.17/community.yaml
Related
5.7 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
40.7%