FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be triggered when the values `rect->left` and `rect->top` are exactly equal to `surface->width` and `surface->height`. eg. `rect->left` == `surface->width` && `rect->top` == `surface->height`. In practice this should cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
12 Jan 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
18 Oct 2023, 14:49
Type | Values Removed | Values Added |
---|---|---|
First Time |
Fedoraproject
Debian debian Linux Debian Fedoraproject fedora |
|
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/ - Mailing List | |
References | (MISC) https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html - Mailing List, Third Party Advisory | |
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/ - Mailing List | |
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/ - Mailing List | |
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* |
07 Oct 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Sep 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Sep 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Sep 2023, 16:10
Type | Values Removed | Values Added |
---|---|---|
First Time |
Freerdp
Freerdp freerdp |
|
References | (MISC) https://github.com/FreeRDP/FreeRDP/blob/63a2f65618748c12f79ff7450d46c6e194f2db76/libfreerdp/gdi/gfx.c#L1219-L1239 - Issue Tracking | |
References | (MISC) https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-whwr-qcf2-2mvj - Exploit, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:freerdp:freerdp:3.0.0:beta2:*:*:*:*:*:* cpe:2.3:a:freerdp:freerdp:3.0.0:beta1:*:*:*:*:*:* cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:* |
31 Aug 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-31 21:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-39352
Mitre link : CVE-2023-39352
CVE.ORG link : CVE-2023-39352
JSON object : View
Products Affected
debian
- debian_linux
fedoraproject
- fedora
freerdp
- freerdp
CWE
CWE-787
Out-of-bounds Write