CVE-2023-40188

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_LumaToYUV444` function. This Out-Of-Bounds Read occurs because processing is done on the `in` variable without checking if it contains data of sufficient length. Insufficient data for the `in` variable may cause errors or crashes. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*
cpe:2.3:a:freerdp:freerdp:3.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:freerdp:freerdp:3.0.0:beta2:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

History

12 Jan 2024, 13:15

Type Values Removed Values Added
References
  • () https://security.gentoo.org/glsa/202401-16 -

18 Oct 2023, 14:09

Type Values Removed Values Added
First Time Fedoraproject
Debian debian Linux
Debian
Fedoraproject fedora
References (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/ - (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/ - Mailing List
References (MISC) https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html - (MISC) https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html - Mailing List, Third Party Advisory
References (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/ - (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/ - Mailing List
References (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/ - (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/ - Mailing List
CPE cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

07 Oct 2023, 21:15

Type Values Removed Values Added
References
  • (MISC) https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html -

21 Sep 2023, 03:15

Type Values Removed Values Added
References
  • (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/ -
  • (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/ -

10 Sep 2023, 03:15

Type Values Removed Values Added
References
  • (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/ -

07 Sep 2023, 15:30

Type Values Removed Values Added
References (MISC) https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/nsc.c#L115-L175 - (MISC) https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/nsc.c#L115-L175 - Issue Tracking
References (MISC) https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9w28-wwj5-p4xq - (MISC) https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9w28-wwj5-p4xq - Exploit, Vendor Advisory
First Time Freerdp
Freerdp freerdp
CPE cpe:2.3:a:freerdp:freerdp:3.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:freerdp:freerdp:3.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.1

31 Aug 2023, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-31 22:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-40188

Mitre link : CVE-2023-40188

CVE.ORG link : CVE-2023-40188


JSON object : View

Products Affected

freerdp

  • freerdp

debian

  • debian_linux

fedoraproject

  • fedora
CWE
CWE-125

Out-of-bounds Read