FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, deactivate `/gfx` (on by default, set `/bpp` or `/rfx` options instead.
The vulnerability (CWE-125 — out-of-bounds read) occurs in the remote desktop graphics handling component (GFX, enabled by default). An attacker can deliver specially crafted data over the network, causing memory to be read outside the allowed buffer range. The lack of authentication or user interaction requirements makes the attack particularly easy to perform.
An attacker can obtain unauthorized access to sensitive data in process memory, and in extreme cases lead to compromise of integrity or availability of the client system.
FreeRDP should be updated to version 3.5.0 or 2.11.6. As a temporary workaround, you can disable the `/gfx` option (enabled by default) and use `/bpp` or `/rfx` option instead.
FreeRDP-based clients in versions prior to 3.5.0 and 2.11.6, as well as FreeRDP packages provided in Fedora distributions (versions indicated in vendor references).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFedora Project Fedora
OSFedoraproject383940Freerdp
APPFreerdp< 2.11.63.0.0 – 3.5.0 (bez)
Related vulnerabilities
PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit
Type Confusion w V8 (Google Chrome) — RCE przez spreparowaną stronę HTML
Type Confusion w silniku V8 Chrome — zdalne wykonanie kodu (RCE)
Use-after-free w Google Chrome Visuals umożliwiający ucieczkę z sandbox
Integer overflow w Skia w Google Chrome — sandbox escape