#VU69592 Improper Validation of Array Index in FreeRDP - CVE-2022-39317

 


Published: November 25, 2022


Vulnerability identifier: #VU69592
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-39317
CWE-ID: CWE-129
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: FreeRDP
Software vendor: FreeRDP

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a missing range check for the input offset index in the ZGFX decoder. A malicious server can trick a FreeRDP-based client into reading out-of-bounds data and trying to decode it.

Successful exploitation of the vulnerability may allow remote code execution.
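
The kind of range check the description refers to, shown as an added illustration (not FreeRDP's code and not the real ZGFX bitstream): a decoder for a constructed toy token format in which every index or length taken from the input is validated before it is used. The names `toy_decode`, `reader_t` and `need` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed toy format, NOT the real ZGFX bitstream:
 *   0x00 n b1..bn  -> copy n literal bytes from the input
 *   0x01 dist len  -> copy len bytes starting dist bytes back in the output
 */
typedef struct { const uint8_t *buf; size_t len; size_t pos; } reader_t;

/* True if n more bytes can be read at the current input offset.
 * Omitting this check is the CWE-129 pattern: an offset derived from
 * untrusted data is used to index the input buffer unvalidated. */
static int need(const reader_t *r, size_t n)
{
    return r->pos <= r->len && n <= r->len - r->pos;
}

/* Returns the number of bytes written to out, or -1 on malformed input. */
long toy_decode(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_cap)
{
    reader_t r = { in, in_len, 0 };
    size_t w = 0; /* bytes written so far; invariant: w <= out_cap */

    while (r.pos < r.len) {
        uint8_t tag = r.buf[r.pos++];
        if (tag == 0x00) {
            if (!need(&r, 1)) return -1;            /* count byte present? */
            size_t n = r.buf[r.pos++];
            if (!need(&r, n) || n > out_cap - w) return -1;
            memcpy(out + w, r.buf + r.pos, n);
            r.pos += n;
            w += n;
        } else if (tag == 0x01) {
            if (!need(&r, 2)) return -1;            /* dist and len present? */
            size_t dist = r.buf[r.pos++];
            size_t n = r.buf[r.pos++];
            if (dist == 0 || dist > w || n > out_cap - w) return -1;
            for (size_t i = 0; i < n; i++, w++)     /* byte-wise: ranges may overlap */
                out[w] = out[w - dist];
        } else {
            return -1;                              /* unknown token */
        }
    }
    return (long)w;
}
```

A peer that declares more data than it actually sends gets a decode error here instead of a read past the end of the input buffer.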


Remediation

Install updates from the vendor's website.

External links