PT-2022-5609 · Freerdp+10

Published: 2022-11-16 · Updated: 2024-01-12 · CVE-2022-39317

CVSS v3.1: 4.6 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 2.9.0
Description: The issue is related to a missing range check for the input offset index in the ZGFX decoder of FreeRDP, allowing a malicious server to trick a FreeRDP-based client into reading out-of-bounds data and attempting to decode it. This can enable a remote attacker to gain unauthorized access to protected information. There are no known workarounds for this issue.
Recommendations: For versions prior to 2.9.0, update to version 2.9.0 to resolve the issue. As a temporary workaround, consider restricting access to the ZGFX decoder until a patch is available.

Weakness Enumeration

Out-of-bounds Read

Related Identifiers

ALSA-2023:2326
ALSA-2023:2851
ALT-PU-2022-3127
ALT-PU-2022-3189
ALT-PU-2022-3199
ALT-PU-2022-3288
BDU:2022-06972
CESA-2023_2851
CVE-2022-39317
GHSA-99CM-4GW7-C8JH
MGASA-2022-0447
OESA-2022-2120
OPENSUSE-SU-2023_0399-1
RHSA-2023:2326
RHSA-2023:2851
RHSA-2023_2326
RHSA-2023_2851
SUSE-SU-2023:0399-1
SUSE-SU-2023:0400-1
USN-5734-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Freerdp
Linuxmint
Red Hat
Red Os
Suse
Ubuntu