Freerdp · Freerdp · CVE-2024-22211
**Name of the Vulnerable Software and Affected Versions**
FreeRDP versions prior to 2.11.5
FreeRDP versions prior to 3.2.0
**Description**
The issue is an integer overflow in the `freerdp_bitmap_planar_context_reset` function that leads to a heap buffer overflow. It affects FreeRDP-based clients; FreeRDP-based server implementations and the proxy are not affected. A malicious server could prepare an `RDPGFX_RESET_GRAPHICS_PDU` that causes buffers that are too small to be allocated, possibly triggering later out-of-bounds reads and writes. The buffers are used to display an image, and data extraction over the network is not possible.
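The allocation-size pattern behind this class of bug, shown as an added example that is not FreeRDP's code: a hypothetical planar-codec context whose buffer size is derived from server-controlled width and height, first with the unchecked 32-bit product that can wrap, then with an overflow-checked form that rejects the reset instead of under-allocating. The struct, function names and the 4-bytes-per-pixel layout are assumptions for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical planar-codec context (illustration only, not FreeRDP's code):
 * one buffer of 4 bytes per pixel for the current width and height, both of
 * which a server-sent RESET GRAPHICS PDU can change at any time. */
typedef struct {
    uint32_t width, height;
    size_t   buffer_size;   /* bytes actually allocated */
    uint8_t *buffer;
} planar_context;

/* Vulnerable pattern: the product is computed in 32 bits, so a large
 * width*height*4 wraps and the allocator is asked for far fewer bytes than
 * the decoder will later write. Returns the wrapped size. */
uint32_t vulnerable_plane_size(uint32_t width, uint32_t height)
{
    return width * height * 4;              /* may wrap modulo 2^32 */
}

/* Hardened form: overflow-checked size computation. Returns 0 (reject)
 * for empty or unrepresentable dimensions instead of a too-small value. */
size_t safe_plane_size(uint32_t width, uint32_t height)
{
    if (width == 0 || height == 0)
        return 0;
    if (width > SIZE_MAX / height)          /* width * height overflows */
        return 0;
    size_t pixels = (size_t)width * height;
    if (pixels > SIZE_MAX / 4)              /* pixels * 4 overflows */
        return 0;
    return pixels * 4;
}

/* Context reset that refuses a bad size rather than under-allocating.
 * Returns 0 on success, -1 if the reset is rejected. */
int planar_context_reset(planar_context *ctx, uint32_t width, uint32_t height)
{
    size_t size = safe_plane_size(width, height);
    if (size == 0)
        return -1;
    uint8_t *p = realloc(ctx->buffer, size);
    if (!p)
        return -1;
    memset(p, 0, size);
    ctx->buffer = p; ctx->buffer_size = size;
    ctx->width = width; ctx->height = height;
    return 0;
}
```

For a 65536 x 16385 image the unchecked version asks for 262144 bytes where more than 4 GiB are needed; the checked version either returns the true size or rejects the reset.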
**Recommendations**
For versions prior to 2.11.5, upgrade to version 2.11.5 or later.
For versions prior to 3.2.0, upgrade to version 3.2.0 or later.
As a temporary workaround, consider restricting access to the `RDPGFX_RESET_GRAPHICS_PDU` endpoint until a patch is available.
Avoid using the `freerdp_bitmap_planar_context_reset` function until the issue is resolved.