PT-2023-4672 · Freerdp+1

Pwn2Carr · Published 2023-08-16 · Updated 2026-03-10 · CVE-2023-40576

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 3.0.0-beta3

Description: Out-of-bounds read in the RleDecompress function, FreeRDP's run-length (RLE) bitmap decompressor. The function consumes the pbSrcBuffer input without first checking that enough bytes remain for each read, so a truncated or otherwise malformed compressed bitmap makes it read past the end of the buffer. The result is memory errors or a crash, which a remote attacker can trigger to cause a denial of service; the CVSS vector above reflects an availability-only impact.

Recommendations: For versions prior to 3.0.0-beta3, upgrade to 3.0.0-beta3 or later, or install the vendor update for your distribution (see the SUSE and openSUSE advisories under Related Identifiers). There are no known workarounds for this issue; RleDecompress is an internal library function reached through normal RDP bitmap handling, not something whose access can be restricted.
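The missing check described above, as an added illustration that is not FreeRDP's code: a toy RLE decoder of (count, value) byte pairs, shown once without and once with the remaining-length check. The format, the function names rle_decompress_unchecked / rle_decompress_checked, and the sample streams are all constructed for this example; only the parameter name pbSrcBuffer is taken from the advisory text. The unchecked decoder is run on a truncated stream embedded in a larger backing array so that its over-read stays inside memory this program owns and the effect can be observed instead of crashing.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy RLE format (not FreeRDP's): a stream of (count, value)
 * byte pairs; each pair emits `count` copies of `value`. Decoders return
 * the number of bytes written, or -1 when the input is rejected. */

/* Vulnerable pattern: the length of pbSrcBuffer is accepted but never
 * consulted, so a short stream makes the decoder read past its end. */
int rle_decompress_unchecked(const uint8_t* pbSrcBuffer, size_t cbSrcBuffer,
                             uint8_t* pbDest, size_t cbDest)
{
    (void)cbSrcBuffer;                   /* the bug: remaining input is never checked */
    size_t out = 0;
    while (out < cbDest)
    {
        uint8_t count = *pbSrcBuffer++;  /* may read beyond the real input */
        uint8_t value = *pbSrcBuffer++;
        for (uint8_t i = 0; i < count && out < cbDest; i++)
            pbDest[out++] = value;
    }
    return (int)out;
}

/* Hardened pattern: check remaining input before every read and remaining
 * output capacity before every write; reject zero-length runs so a bad
 * stream cannot loop without making progress. */
int rle_decompress_checked(const uint8_t* pbSrcBuffer, size_t cbSrcBuffer,
                           uint8_t* pbDest, size_t cbDest)
{
    size_t in = 0, out = 0;
    while (out < cbDest)
    {
        if (cbSrcBuffer - in < 2)        /* need a whole (count, value) pair */
            return -1;
        uint8_t count = pbSrcBuffer[in++];
        uint8_t value = pbSrcBuffer[in++];
        if (count == 0 || count > cbDest - out)
            return -1;                   /* run would not fit the destination */
        memset(pbDest + out, value, count);
        out += count;
    }
    return (int)out;
}

/* Constructed input: only the first 2 bytes (one pair, 4 output bytes) are
 * the "real" message; the 0xEE bytes stand in for whatever happens to sit
 * after the buffer in memory. The destination wants 8 bytes. */
static const uint8_t backing[] = { 0x04, 0xAA, 0xEE, 0xEE, 0xEE, 0xEE };
#define CB_SRC 2u
#define CB_DST 8u

/* Runs the unchecked decoder and counts output bytes that came from beyond
 * the declared input, i.e. from memory the decoder was never given. */
int demo_unchecked_overread(void)
{
    uint8_t dst[CB_DST];
    int n = rle_decompress_unchecked(backing, CB_SRC, dst, CB_DST);
    int from_beyond = 0;
    for (int i = 0; i < n; i++)
        if (dst[i] == 0xEE)
            from_beyond++;
    return from_beyond;
}

/* Same truncated input through the checked decoder: rejected with -1. */
int demo_checked_rejects_truncated(void)
{
    uint8_t dst[CB_DST];
    return rle_decompress_checked(backing, CB_SRC, dst, CB_DST);
}

/* A well-formed stream still decodes: two pairs filling all 8 bytes. */
int demo_checked_accepts_valid(void)
{
    static const uint8_t good[] = { 0x04, 0xAA, 0x04, 0xBB };
    uint8_t dst[CB_DST];
    return rle_decompress_checked(good, sizeof good, dst, CB_DST);
}

int main(void)
{
    printf("unchecked: %d output bytes taken from beyond the input\n",
           demo_unchecked_overread());
    printf("checked on truncated input: %d\n", demo_checked_rejects_truncated());
    printf("checked on valid input: %d bytes\n", demo_checked_accepts_valid());
    return 0;
}
```

On the truncated stream the unchecked decoder happily emits 4 bytes of 0xEE that it fetched past the 2 bytes it was given; in a real process those bytes are whatever follows the receive buffer, and once the read crosses into an unmapped page the process dies, which is the denial of service the advisory scores. The checked decoder refuses the same stream and still accepts a well-formed one, which is the shape of the fix that landed in 3.0.0-beta3.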

Weakness Enumeration

Out-of-bounds Read

Related Identifiers

BDU:2023-05085
CVE-2023-40576
GHSA-X3X5-R7JM-5PQ2
OPENSUSE-SU-2023:4893-1
OPENSUSE-SU-2024:13815-1
OPENSUSE-SU-2024:13816-1
OPENSUSE-SU-2026:20339-1
SUSE-SU-2023:4611-1
SUSE-SU-2023:4893-1

Affected Products

Freerdp
Suse