Main Vulnerability Database SB2022111527

SB2022111527 - SUSE update for freerdp

Published: November 15, 2022

Security Bulletin ID SB2022111527

Severity

Low

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Information disclosure (CVE-ID: CVE-2022-39282)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to exposure of uninitialized data in FreeRDP client on unix systems using /parallel command line switch. The application can read uninitialized data and send it to the RDP server it is connected to.

2) Information disclosure (CVE-ID: CVE-2022-39283)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to information disclosure. All FreeRDP based clients when using the /video command line switch can read uninitialized data, decode it as audio/video and display the result.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2022/suse-su-20223984-1/