SB2023051695 - Red Hat Enterprise Linux 8 update for freerdp 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023051695

SB2023051695 - Red Hat Enterprise Linux 8 update for freerdp

Published: May 16, 2023

Security Bulletin ID SB2023051695
Severity
Medium
Patch available
YES
Number of vulnerabilities 9
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 33% Low 67%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 9 secuirty vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2022-39282)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to exposure of uninitialized data in FreeRDP client on unix systems using /parallel command line switch. The application can read uninitialized data and send it to the RDP server it is connected to.


2) Information disclosure (CVE-ID: CVE-2022-39283)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to information disclosure. All FreeRDP based clients when using the /video command line switch can read uninitialized data, decode it as audio/video and display the result.


3) Out-of-bounds read (CVE-ID: CVE-2022-39316)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it.

Successful exploitation of the vulnerability may allows remote code execution.


4) Improper Validation of Array Index (CVE-ID: CVE-2022-39317)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a missing range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it.

Successful exploitation of the vulnerability may allows remote code execution.


5) Division by zero (CVE-ID: CVE-2022-39318)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a division by zero error in urbdrc channel. A malicious server can pass specially crafted data to the application and crash it.


6) Out-of-bounds read (CVE-ID: CVE-2022-39319)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in urbdrc channel.  A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server.


7) Out-of-bounds read (CVE-ID: CVE-2022-39320)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the urbdrc channel. A malicious server can trick the FreeRDP based client to read out of bound data and send it back to the server.


8) Absolute Path Traversal (CVE-ID: CVE-2022-39347)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to missing path canonicalization and base path check for drive channel. A malicious server can trick the FreeRDP client to read files outside the shared directory.


9) Out-of-bounds read (CVE-ID: CVE-2022-41877)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the drive channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server.


Remediation

Install update from vendor's website.

References