PT-2022-5607 · Freerdp+9

Bmiklautz · Published 2022-11-14 · Updated 2025-02-15 · CVE-2022-39318

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 2.9.0
Description: Insufficient input validation in the urbdrc channel of the FreeRDP remote desktop protocol implementation can lead to a division by zero. A malicious server can exploit this to crash a FreeRDP-based client with a division by zero error, causing a denial of service.
Recommendations: For versions prior to 2.9.0, upgrade to version 2.9.0 to address the issue. If an upgrade is not possible, do not use the /usb redirection switch; this is a temporary workaround that minimizes the risk of exploitation.
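The defect class described above, as an added illustration that is neither FreeRDP's own urbdrc code nor the fix shipped in 2.9.0: a parser reads a size field from the server-controlled stream and uses it as a divisor, and the hardened version rejects a zero value before dividing. The wire layout, the field names, the function `count_entries` and the sample buffers are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed wire format for this example (not FreeRDP's urbdrc layout):
 * two little-endian 32-bit fields, total_size followed by entry_size. */
enum { HDR_LEN = 8 };

static uint32_t read_u32_le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns the number of entries announced by the header, or -1 if the
 * header is malformed. The remote peer controls both fields, so a zero
 * entry_size must be rejected before it is used as a divisor; without that
 * check the integer division traps (SIGFPE on x86), which is the client
 * crash the advisory describes. */
long long count_entries(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < HDR_LEN)
        return -1;                         /* truncated header */

    uint32_t total_size = read_u32_le(buf);
    uint32_t entry_size = read_u32_le(buf + 4);

    if (entry_size == 0)
        return -1;                         /* the missing input validation */
    if (total_size % entry_size != 0)
        return -1;                         /* sizes do not line up */

    return (long long)(total_size / entry_size);
}

/* Constructed sample headers (little-endian). */
const uint8_t sample_ok[HDR_LEN]   = { 0x40, 0, 0, 0, 0x10, 0, 0, 0 }; /* 64 / 16 = 4 */
const uint8_t sample_zero[HDR_LEN] = { 0x40, 0, 0, 0, 0x00, 0, 0, 0 }; /* divisor 0 */
const uint8_t sample_odd[HDR_LEN]  = { 0x41, 0, 0, 0, 0x10, 0, 0, 0 }; /* 65 % 16 != 0 */

int main(void)
{
    printf("ok    -> %lld\n", count_entries(sample_ok, sizeof sample_ok));
    printf("zero  -> %lld\n", count_entries(sample_zero, sizeof sample_zero));
    printf("odd   -> %lld\n", count_entries(sample_odd, sizeof sample_odd));
    printf("short -> %lld\n", count_entries(sample_ok, 4));
    return 0;
}
```

The point of the check ordering is that every field read from the peer is validated before it feeds an arithmetic operation that has undefined behaviour for some inputs; the length check guards the reads and the zero check guards the division. The unchecked variant is deliberately not included as a callable function, since running it on `sample_zero` would simply abort the process.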

Tags: Exploit · Fix · DoS · Divide By Zero · RCE


Related Identifiers

ALSA-2023:2326
ALSA-2023:2851
ALT-PU-2022-3127
ALT-PU-2022-3189
ALT-PU-2022-3199
ALT-PU-2022-3288
BDU:2022-06970
CESA-2023_2851
CVE-2022-39318
DLA-3654-1
DLA-4053-1
GHSA-387J-8J96-7Q35
MGASA-2022-0447
OESA-2022-2112
OPENSUSE-SU-2022_4224-1
OPENSUSE-SU-2022_4292-1
RHSA-2023:2326
RHSA-2023:2851
RHSA-2023_2326
RHSA-2023_2851
SUSE-SU-2022:4224-1
SUSE-SU-2022:4292-1
SUSE-SU-2022:4293-1
SUSE-SU-2022_4224-1
SUSE-SU-2022_4292-1
SUSE-SU-2022_4293-1
USN-5734-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Freerdp
Linuxmint
Red Hat
Red Os
Suse
Ubuntu