PT-2021-7331 · FreeRDP (+10 other affected products)

Published

2021-10-21

·

Updated

2024-06-15

·

CVE-2021-41159

CVSS v2.0

9.3

High

Vector AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 2.4.1
Description The vulnerability is an out-of-bounds write (memory corruption) in FreeRDP's implementation of the Remote Desktop Protocol. FreeRDP clients that connect through a Remote Desktop Gateway using the RPC transport (/gt:rpc) do not validate the data they receive from the gateway, so a malicious or compromised gateway can write beyond the bounds of buffers in the client's memory. The impact is on the client side: an attacker controlling the gateway can read confidential data from the client, corrupt its memory and data, and crash it (denial of service); the CVSS vector above rates all three impacts as complete. Clients that use the HTTP gateway transport or that connect to the RDP server directly, without a gateway, are not affected.
Recommendations Update FreeRDP to version 2.4.1 or later, which contains the fix. If updating is not possible right away, use the HTTP gateway transport (/gt:http) instead of the RPC transport (/gt:rpc), or connect to the RDP host directly without a gateway, as a temporary workaround.
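The two facts a practitioner needs from the Description and Recommendations above are the fixed version (2.4.1) and the condition under which a client is exposed (a gateway connection over /gt:rpc). The script below turns them into a fleet-audit check and applies the documented workaround to a command line. It is an added example, not the advisory's or the FreeRDP project's code; it assumes that `xfreerdp --version` prints a banner containing "FreeRDP version X.Y.Z", that `/g:<host>` selects a gateway and `/gt:<type>` its transport, and it treats a gateway configured without an explicit transport as needing review rather than as safe, because the advisory only clears /gt:http.

```python
"""Audit helper for CVE-2021-41159: flag FreeRDP clients that are both on a
pre-2.4.1 release and configured to reach a gateway over the RPC transport.

Added example; not part of the advisory or of the FreeRDP project.
Assumptions (not stated on the page): `xfreerdp --version` prints a line
containing "FreeRDP version X.Y.Z", and the gateway options are
`/g:<host>` for the gateway and `/gt:<rpc|http|...>` for its transport.
"""
import re
from typing import List, Optional, Sequence, Tuple

Version = Tuple[int, int, int]

# First release carrying the fix, per the advisory.
FIXED_VERSION: Version = (2, 4, 1)

# Matches the first dotted X.Y.Z on a version banner.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def parse_version(banner: str) -> Optional[Version]:
    """Return (major, minor, patch) from a version banner, or None."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def version_is_fixed(version: Version) -> bool:
    """True for 2.4.1 and every later release (tuple comparison)."""
    return version >= FIXED_VERSION


def gateway_transport(argv: Sequence[str]) -> Optional[str]:
    """Gateway transport selected on an xfreerdp command line.

    None when no /g: gateway is configured; otherwise the lower-cased value
    of the last /gt: option, or "unspecified" when /gt: is absent. The
    advisory only clears the HTTP transport, so "unspecified" is reported
    for review rather than treated as safe (assumption).
    """
    if not any(arg.startswith("/g:") for arg in argv):
        return None
    transport = "unspecified"
    for arg in argv:
        if arg.startswith("/gt:"):
            transport = arg[len("/gt:"):].lower() or "unspecified"
    return transport


def assess(banner: str, argv: Sequence[str]) -> str:
    """One-line verdict combining the version check and the gateway check."""
    version = parse_version(banner)
    if version is None:
        return "unknown: could not parse a FreeRDP version from the banner"
    if version_is_fixed(version):
        return "not affected: FreeRDP %d.%d.%d includes the fix" % version
    transport = gateway_transport(argv)
    if transport is None:
        return "not exposed: vulnerable version but no gateway (direct connection)"
    if transport == "http":
        return "mitigated: vulnerable version but gateway transport is /gt:http"
    if transport == "rpc":
        return "vulnerable: /gt:rpc on a pre-2.4.1 client; update or switch to /gt:http"
    return "review: vulnerable version, gateway transport '%s' is not explicitly http" % transport


def apply_workaround(argv: Sequence[str]) -> List[str]:
    """Rewrite a command line to use the HTTP gateway transport.

    Replaces every /gt:<value> with /gt:http and appends /gt:http when a
    gateway is configured without an explicit transport. Command lines
    without a gateway are returned unchanged.
    """
    if not any(arg.startswith("/g:") for arg in argv):
        return list(argv)
    rewritten = ["/gt:http" if arg.startswith("/gt:") else arg for arg in argv]
    if not any(arg.startswith("/gt:") for arg in rewritten):
        rewritten.append("/gt:http")
    return rewritten


if __name__ == "__main__":
    # Constructed sample inputs (not captured from a real host).
    banner = "This is FreeRDP version 2.4.0 (2.4.0)"
    cmd = ["xfreerdp", "/v:rdp.internal", "/g:gw.internal", "/gt:rpc", "/u:alice"]
    print(assess(banner, cmd))
    print(" ".join(apply_workaround(cmd)))
```

The version comparison is done on integer tuples rather than strings so that 2.10.0 correctly sorts after 2.4.1; the workaround rewrite is deliberately conservative and never removes the gateway itself, since only the transport is at issue.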

Fix

Memory Corruption


Weakness Enumeration

Related Identifiers

ALSA-2021:4622
ALT-PU-2021-3098
ALT-PU-2021-3105
ALT-PU-2021-3106
ALT-PU-2021-3177
BDU:2022-05705
CESA-2021:4619
CESA-2021:4622
CVE-2021-41159
GHSA-VH34-M9H7-95XQ
MGASA-2021-0522
OESA-2021-1414
OPENSUSE-SU-2022:2891-1
OPENSUSE-SU-2022:2993-1
OPENSUSE-SU-2024:11591-1
RHSA-2021:4619
RHSA-2021:4620
RHSA-2021:4621
RHSA-2021:4622
RHSA-2021:4623
RLSA-2021:4622
SUSE-SU-2022:2890-1
SUSE-SU-2022:2891-1
SUSE-SU-2022:2993-1
USN-5154-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
FreeRDP
Linux Mint
Red Hat
Rocky Linux
SUSE
Ubuntu