← Zuruck zu CVEs

CVE-2023-39352

MEDIUM

5.3

Beschreibung

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be triggered when the values `rect->left` and `rect->top` are exactly equal to `surface->width` and `surface->height`. eg. `rect->left` == `surface->width` && `rect->top` == `surface->height`. In practice this should cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE Details

CVSS v3.1 Bewertung5.3

SchweregradMEDIUM

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht8/31/2023

Zuletzt geandert11/3/2025

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

debian:debian_linuxfedoraproject:fedorafreerdp:freerdp

Schwachen (CWE)

CWE-787CWE-787

Referenzen

https://github.com/FreeRDP/FreeRDP/blob/63a2f65618748c12f79ff7450d46c6e194f2db76/libfreerdp/gdi/gfx.c#L1219-L1239(security-advisories@github.com)

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-whwr-qcf2-2mvj(security-advisories@github.com)

https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html(security-advisories@github.com)

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/(security-advisories@github.com)

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/(security-advisories@github.com)

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/(security-advisories@github.com)

https://security.gentoo.org/glsa/202401-16(security-advisories@github.com)

https://github.com/FreeRDP/FreeRDP/blob/63a2f65618748c12f79ff7450d46c6e194f2db76/libfreerdp/gdi/gfx.c#L1219-L1239(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-whwr-qcf2-2mvj(af854a3a-2127-422b-91ae-364da2661108)

https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html(af854a3a-2127-422b-91ae-364da2661108)

https://lists.debian.org/debian-lts-announce/2025/02/msg00016.html(af854a3a-2127-422b-91ae-364da2661108)

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/(af854a3a-2127-422b-91ae-364da2661108)

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/(af854a3a-2127-422b-91ae-364da2661108)

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/(af854a3a-2127-422b-91ae-364da2661108)

https://security.gentoo.org/glsa/202401-16(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.