FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1.
References
Configurations
History
17 Nov 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Nov 2023, 03:38
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2021-10-21 19:15
Updated : 2024-02-28 18:48
NVD link : CVE-2021-41160
Mitre link : CVE-2021-41160
CVE.ORG link : CVE-2021-41160
JSON object : View
Products Affected
fedoraproject
- fedora
freerdp
- freerdp
CWE
CWE-787
Out-of-bounds Write