SB2022112503 - Multiple vulnerabilities in FreeRDP
Published: November 25, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 7 secuirty vulnerabilities.
1) Improper Validation of Array Index (CVE-ID: CVE-2022-39317)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a missing range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it.
Successful exploitation of the vulnerability may allows remote code execution.
2) Division by zero (CVE-ID: CVE-2022-39318)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a division by zero error in urbdrc channel. A malicious server can pass specially crafted data to the application and crash it.
3) Out-of-bounds read (CVE-ID: CVE-2022-39319)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in urbdrc channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server.
4) Out-of-bounds read (CVE-ID: CVE-2022-39320)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the urbdrc channel. A malicious server can trick the FreeRDP based client to read out of bound data and send it back to the server.
5) Out-of-bounds read (CVE-ID: CVE-2022-41877)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the drive channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server.
6) Absolute Path Traversal (CVE-ID: CVE-2022-39347)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to missing path canonicalization and base path check for drive channel. A malicious server can trick the FreeRDP client to read files outside the shared directory.
7) Out-of-bounds read (CVE-ID: CVE-2022-39316)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it.
Successful exploitation of the vulnerability may allows remote code execution.
Remediation
Install update from vendor's website.
References
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-99cm-4gw7-c8jh
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-387j-8j96-7q35
- https://github.com/FreeRDP/FreeRDP/commit/80adde17ddc4b596ed1dae0922a0c54ab3d4b8ea
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mvxm-wfj2-5fvh
- https://github.com/FreeRDP/FreeRDP/commit/11555828d2cf289b350baba5ad1f462f10b80b76
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qfq2-82qr-7f4j
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-pmv3-wpw4-pw5h
- https://github.com/FreeRDP/FreeRDP/commit/6655841cf2a00b764f855040aecb8803cfc5eaba
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c5xq-8v35-pffg
- https://github.com/FreeRDP/FreeRDP/commit/027424c2c6c0991cb9c22f9511478229c9b17e5d
- https://github.com/FreeRDP/FreeRDP/commit/e865c24efc40ebc52e75979c94cdd4ee2c1495b0
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5w4j-mrrh-jjrm