Showing 1 - 5 of 5

CVE-2022-41877

Status Candidate

Overview

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in `drive` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the drive redirection channel - command line options `/drive`, `+drives` or `+home-drive`.

Related Files

Gentoo Linux Security Advisory 202401-16: Posted Jan 12, 2024; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202401-16 - Multiple vulnerabilities have been discovered in FreeRDP, the worst of which could result in code execution. Versions greater than or equal to 2.11.0 are affected.; tags | advisory, vulnerability, code execution; systems | linux, gentoo; advisories | CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319, CVE-2022-39320, CVE-2022-39347, CVE-2022-41877, CVE-2023-39350, CVE-2023-39351, CVE-2023-39352, CVE-2023-39353, CVE-2023-39354, CVE-2023-39355, CVE-2023-39356; SHA-256 | 3bd4fd57a2cfebab9086b429320a0d45d42381e7f1c261ec6b3e4d1e201e84a9; Download | Favorite | View

Ubuntu Security Notice USN-6522-2: Posted Dec 8, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6522-2 - USN-6522-1 fixed several vulnerabilities in FreeRDP. This update provides the corresponding update for Ubuntu 18.04 LTS. It was discovered that FreeRDP incorrectly handled drive redirection. If a user were tricked into connection to a malicious server, a remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that FreeRDP incorrectly handled certain surface updates. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code.; tags | advisory, remote, denial of service, arbitrary, vulnerability; systems | linux, ubuntu; advisories | CVE-2022-41877; SHA-256 | f2d9a5720823660f9ff2cc8301191691c6c83ad3400bdb8bbe794bf52bd69297; Download | Favorite | View

Ubuntu Security Notice USN-6522-1: Posted Nov 30, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6522-1 - It was discovered that FreeRDP incorrectly handled drive redirection. If a user were tricked into connection to a malicious server, a remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that FreeRDP incorrectly handled certain surface updates. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code.; tags | advisory, remote, denial of service, arbitrary; systems | linux, ubuntu; advisories | CVE-2022-41877; SHA-256 | 865609065980f563a252153fd91a01b72cb287a6a6682e5b26f8b9c24a700046; Download | Favorite | View

Red Hat Security Advisory 2023-2851-01: Posted May 16, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-2851-01 - FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Issues addressed include buffer overflow and out of bounds read vulnerabilities.; tags | advisory, remote, overflow, vulnerability, protocol; systems | linux, redhat, windows; advisories | CVE-2022-39282, CVE-2022-39283, CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319, CVE-2022-39320, CVE-2022-39347, CVE-2022-41877; SHA-256 | f0379894be6666fb53be81f0b55090e4710e35af72a8be9b1039e7b2dbfe5ce8; Download | Favorite | View

Red Hat Security Advisory 2023-2326-01: Posted May 9, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-2326-01 - FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Issues addressed include buffer overflow and out of bounds read vulnerabilities.; tags | advisory, remote, overflow, vulnerability, protocol; systems | linux, redhat, windows; advisories | CVE-2022-39282, CVE-2022-39283, CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319, CVE-2022-39320, CVE-2022-39347, CVE-2022-41877; SHA-256 | aa6a2c62ee69d38a9177166d3c52b596b71c178247fd14b3cf1299101261ae67; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 236 files
Ubuntu 90 files
Gentoo 31 files
Debian 23 files
tmrswrr 10 files
Sina Kheirkhah 7 files
Amit Roy 4 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,077)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,339)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,263)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,651)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

CVE-2022-41877

Overview

Related Files

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems