SB2022113042 - Fedora 37 update for freerdp

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022113042

SB2022113042 - Fedora 37 update for freerdp

Published: November 30, 2022

Security Bulletin ID SB2022113042
Severity
Medium
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 43% Low 57%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Out-of-bounds read (CVE-ID: CVE-2022-39316)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it.

Successful exploitation of the vulnerability may allows remote code execution.


2) Improper Validation of Array Index (CVE-ID: CVE-2022-39317)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a missing range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it.

Successful exploitation of the vulnerability may allows remote code execution.


3) Division by zero (CVE-ID: CVE-2022-39318)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a division by zero error in urbdrc channel. A malicious server can pass specially crafted data to the application and crash it.


4) Out-of-bounds read (CVE-ID: CVE-2022-39319)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in urbdrc channel.  A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server.


5) Out-of-bounds read (CVE-ID: CVE-2022-39320)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the urbdrc channel. A malicious server can trick the FreeRDP based client to read out of bound data and send it back to the server.


6) Out-of-bounds read (CVE-ID: CVE-2022-41877)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the drive channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server.


7) Absolute Path Traversal (CVE-ID: CVE-2022-39347)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to missing path canonicalization and base path check for drive channel. A malicious server can trick the FreeRDP client to read files outside the shared directory.


Remediation

Install update from vendor's website.

References