Lowakallabeth

**Name of the Vulnerable Software and Affected Versions** FreeRDP versions prior to 3.5.1 **Description** The issue is related to an out-of-bounds read in FreeRDP, a free implementation of the Remote Desktop Protocol. This occurs when a `WCHAR` string is read with twice its size and converted to `UTF-8`, then `base64` decoded. The string is used to compare against the redirection server certificate. There are no known workarounds available. **Recommendations** For versions prior to 3.5.1, update to version 3.5.1 to resolve the issue. As a temporary workaround, consider restricting the use of the `WCHAR` string conversion to `UTF-8` and `base64` decoding until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** FreeRDP versions prior to 3.5.1 **Description** The issue is related to an out-of-bounds read in the FreeRDP client, which is a free implementation of the Remote Desktop Protocol. This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. No information is provided about the estimated number of potentially affected devices or real-world incidents. **Recommendations** For versions prior to 3.5.1, update to version 3.5.1, which contains a patch for the issue. As a temporary workaround, consider restricting the use of the FreeRDP client until the patch is applied. No other workarounds are available.

**Name of the Vulnerable Software and Affected Versions** FreeRDP versions prior to 3.5.1 **Description** The issue is related to an out-of-bounds read in the FreeRDP client, specifically in the `freerdp image copy` function. This can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability occurs when `((nWidth == 0) and (nHeight == 0))`. **Recommendations** For versions prior to 3.5.1, update to version 3.5.1, which contains a patch for the issue. As a temporary workaround, consider restricting the use of the `freerdp image copy` function until the patch is applied. Avoid using the condition `((nWidth == 0) and (nHeight == 0))` in the affected clients until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** FreeRDP versions prior to 2.1.2 **Description** The issue is related to an out of bound read in the PRIMARY DRAWING ORDER FIELD BYTES array, which can result in accessing a memory location outside of the array's boundaries. This can potentially allow a remote attacker to access confidential data and cause a denial of service. **Recommendations** For versions prior to 2.1.2, update to version 2.1.2 to resolve the issue. As a temporary workaround, consider restricting access to the PRIMARY DRAWING ORDER FIELD BYTES array until a patch is available.

**Name of the Vulnerable Software and Affected Versions** FreeRDP versions prior to 2.1.2 **Description** The issue is related to an out of bounds read in the TrioParse component of the FreeRDP implementation. This could allow a remote attacker to access confidential data and cause a denial of service due to an integer overflow that bypasses string length checks. **Recommendations** For versions prior to 2.1.2, update to version 2.1.2 to resolve the issue. As a temporary workaround, consider restricting access to the TrioParse component until the update is applied.

**Name of the Vulnerable Software and Affected Versions** FreeRDP versions prior to 2.1.2 **Description** The issue is related to an out of bounds read in the RLEDECOMPRESS component of the FreeRDP implementation. This can be exploited by a remote attacker to gain access to confidential data and cause a denial of service. All FreeRDP based clients with sessions that have a color depth of less than 32 are affected. **Recommendations** For versions prior to 2.1.2, update to version 2.1.2 to resolve the issue. As a temporary workaround, consider restricting the color depth of sessions to 32 or higher until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** FreeRDP versions prior to 2.1.2 **Description** The issue is related to an out of bounds read in the `license read new or upgrade license packet` component. A manipulated license packet can cause out of bound reads to an internal buffer, potentially allowing a remote attacker to access confidential data and cause a denial of service. **Recommendations** For versions prior to 2.1.2, update to version 2.1.2 to resolve the issue. As a temporary workaround, consider restricting access to the `license read new or upgrade license packet` component until the update is applied.

**Name of the Vulnerable Software and Affected Versions** FreeRDP versions prior to 2.1.2 **Description** The issue is related to a global out-of-bounds (OOB) read in the `update read cache bitmap v3 order` function. This allows a remote attacker to access confidential data and potentially cause a denial of service. **Recommendations** For versions prior to 2.1.2, update to version 2.1.2 to resolve the issue. As a temporary workaround, consider disabling the bitmap cache with the `-bitmap-cache` option (which is default).

**Name of the Vulnerable Software and Affected Versions** FreeRDP versions prior to 2.1.2 **Description** The issue is related to an integer casting vulnerability in the update recv secondary order function of the FreeRDP protocol implementation. This vulnerability affects all clients with +glyph-cache /relax-order-checks enabled. The vulnerability is associated with a lack of proper data type conversion mechanism in the gdi SelectObject component, which may allow a remote attacker to impact data integrity. **Recommendations** For versions prior to 2.1.2, update to version 2.1.2 to resolve the issue. As a temporary workaround, consider disabling the +glyph-cache /relax-order-checks feature until the update is applied.

**Name of the Vulnerable Software and Affected Versions** FreeRDP versions prior to 2.1.2 **Description** The issue is related to an out of bounds read in the PRIMARY DRAWING ORDER FIELD BYTES array, which can result in accessing a memory location outside of the array's boundaries. This can potentially allow a remote attacker to access confidential data and cause a denial of service. **Recommendations** For versions prior to 2.1.2, update to version 2.1.2 to resolve the issue.