PT-2022-5111 · Freerdp+9

Published: 2022-10-12 · Updated: 2025-02-15 · CVE-2022-39282

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

FreeRDP versions prior to 2.8.1

Description

The issue is related to the use of uninitialized data when processing the /parallel command-line switch in FreeRDP-based clients on Unix systems. This could allow a remote attacker to read, modify, or delete data. FreeRDP-based server implementations are not affected.

Recommendations

For versions prior to 2.8.1, upgrade to 2.8.1, where this issue is patched. If you are unable to upgrade, do not use parallel port redirection (the /parallel command-line switch) as a workaround.

Exploit

Fix

Information Disclosure

Use of Uninitialized Resource

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALSA-2023:2326
ALSA-2023:2851
ALSA-2023_2326
ALSA-2023_2851
ALT-PU-2022-2857
ALT-PU-2022-2872
ALT-PU-2022-2881
ALT-PU-2022-3288
BDU:2022-06360
BDU:2022-06362
CESA-2023_2851
CVE-2022-39282
DLA-3654-1
DLA-4053-1
GHSA-C45Q-WCPG-MXJQ
MGASA-2022-0437
OESA-2022-2018
OPENSUSE-SU-2022_3982-1
OPENSUSE-SU-2022_3983-1
OPENSUSE-SU-2024:12515-1
RHSA-2023:2326
RHSA-2023:2851
RHSA-2023_2326
RHSA-2023_2851
SUSE-SU-2022:3982-1
SUSE-SU-2022:3983-1
SUSE-SU-2022:3984-1
SUSE-SU-2022_3982-1
SUSE-SU-2022_3983-1
SUSE-SU-2022_3984-1
USN-5734-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Freerdp
Linuxmint
Red Hat
Red Os
Suse
Ubuntu