CVE-2023-40181

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/FreeRDP/FreeRDP/blob/2252d53001d9ce8a452f0a0a5b1f5ed9db6d57f1/libfreerdp/codec/zgfx.c#L256-L261	Issue Tracking
https://github.com/FreeRDP/FreeRDP/blob/2252d53001d9ce8a452f0a0a5b1f5ed9db6d57f1/libfreerdp/codec/zgfx.c#L334-L355	Issue Tracking
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxp4-rx7x-h2g8	Exploit Vendor Advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/	Mailing List
https://security.gentoo.org/glsa/202401-16

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:freerdp:freerdp::::::::
	cpe:2.3:a:freerdp:freerdp:3.0.0:beta1::::::
	cpe:2.3:a:freerdp:freerdp:3.0.0:beta2::::::

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:fedoraproject:fedora:37:::::::*
	cpe:2.3:o:fedoraproject:fedora:38:::::::*
	cpe:2.3:o:fedoraproject:fedora:39:::::::*

History

12 Jan 2024, 13:15

Type	Values Removed	Values Added
References		() https://security.gentoo.org/glsa/202401-16 -

18 Oct 2023, 13:50

Type	Values Removed	Values Added
References	~~(MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/ -~~	(MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/ - Mailing List
References	~~(MISC) https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html -~~	(MISC) https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html - Mailing List, Third Party Advisory
References	~~(MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/ -~~	(MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/ - Mailing List
References	~~(MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/ -~~	(MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/ - Mailing List
First Time		Fedoraproject Debian debian Linux Debian Fedoraproject fedora
CPE		cpe:2.3:o:debian:debian_linux:10.0:::::::* cpe:2.3:o:fedoraproject:fedora:37:::::::* cpe:2.3:o:fedoraproject:fedora:39:::::::* cpe:2.3:o:fedoraproject:fedora:38:::::::*

07 Oct 2023, 21:15

Type	Values Removed	Values Added
References		(MISC) https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html -

21 Sep 2023, 03:15

Type	Values Removed	Values Added
References		(MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/ - (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/ -

10 Sep 2023, 03:15

Type	Values Removed	Values Added
References		(MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/ -

07 Sep 2023, 15:55

Type	Values Removed	Values Added
References	~~(MISC) https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxp4-rx7x-h2g8 -~~	(MISC) https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxp4-rx7x-h2g8 - Exploit, Vendor Advisory
References	~~(MISC) https://github.com/FreeRDP/FreeRDP/blob/2252d53001d9ce8a452f0a0a5b1f5ed9db6d57f1/libfreerdp/codec/zgfx.c#L334-L355 -~~	(MISC) https://github.com/FreeRDP/FreeRDP/blob/2252d53001d9ce8a452f0a0a5b1f5ed9db6d57f1/libfreerdp/codec/zgfx.c#L334-L355 - Issue Tracking
References	~~(MISC) https://github.com/FreeRDP/FreeRDP/blob/2252d53001d9ce8a452f0a0a5b1f5ed9db6d57f1/libfreerdp/codec/zgfx.c#L256-L261 -~~	(MISC) https://github.com/FreeRDP/FreeRDP/blob/2252d53001d9ce8a452f0a0a5b1f5ed9db6d57f1/libfreerdp/codec/zgfx.c#L256-L261 - Issue Tracking
First Time		Freerdp Freerdp freerdp
CPE		cpe:2.3:a:freerdp:freerdp:3.0.0:beta2:::::: cpe:2.3:a:freerdp:freerdp:3.0.0:beta1:::::: cpe:2.3:a:freerdp:freerdp::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.1

31 Aug 2023, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-08-31 22:15

Updated : 2024-02-28 20:33

NVD link : CVE-2023-40181

Mitre link : CVE-2023-40181

CVE.ORG link : CVE-2023-40181

JSON object : View

Products Affected

freerdp

freerdp

debian

debian_linux

fedoraproject

fedora

CWE

CWE-125

Out-of-bounds Read

CWE-191

Integer Underflow (Wrap or Wraparound)

9.1 /10