SB2022112508 - Slackware Linux update for freerdp
Published: November 25, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 7 vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2022-39316)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it.
Successful exploitation of the vulnerability may allows remote code execution.
2) Improper Validation of Array Index (CVE-ID: CVE-2022-39317)
CWE-ID: CWE-129 - Improper Validation of Array Index
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a missing range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it.
Successful exploitation of the vulnerability may allows remote code execution.
3) Division by zero (CVE-ID: CVE-2022-39318)
CWE-ID: CWE-369 - Divide By Zero
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a division by zero error in urbdrc channel. A malicious server can pass specially crafted data to the application and crash it.
4) Out-of-bounds read (CVE-ID: CVE-2022-39319)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in urbdrc channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server.
5) Out-of-bounds read (CVE-ID: CVE-2022-39320)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the urbdrc channel. A malicious server can trick the FreeRDP based client to read out of bound data and send it back to the server.
6) Absolute Path Traversal (CVE-ID: CVE-2022-39347)
CWE-ID: CWE-36 - Absolute Path Traversal
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to missing path canonicalization and base path check for drive channel. A malicious server can trick the FreeRDP client to read files outside the shared directory.
7) Out-of-bounds read (CVE-ID: CVE-2022-41877)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the drive channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server.
Remediation
Install update from vendor's website.