FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
The vulnerability, classified as CWE-125, involves the ability to read data outside the intended memory area during RDP protocol data processing. An attacker can provide specially crafted data to the FreeRDP client, causing unauthorized reading of the process memory. The attack vector is network-based and requires no privileges or user interaction on the victim's side.
An attacker can gain unauthorized access to sensitive data stored in the process memory, and in combination with other vulnerabilities, may lead to compromise of system integrity or availability.
FreeRDP should be updated to version 3.5.1, which contains a patch that resolves the issue. The vendor does not indicate any known workarounds. For Fedora, package updates should be applied according to announcements published on Fedora mailing lists.
FreeRDP clients (Freerdp Freerdp) in versions prior to 3.5.1 and FreeRDP packages available in Fedora distributions (Fedoraproject Fedora).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFedora Project Fedora
OSFedoraproject383940Freerdp
APPFreerdp< 2.11.73.0.0 – 3.5.1 (bez)
Related vulnerabilities
PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit
Type Confusion w V8 (Google Chrome) — RCE przez spreparowaną stronę HTML
Type Confusion w silniku V8 Chrome — zdalne wykonanie kodu (RCE)
Use-after-free w Google Chrome Visuals umożliwiający ucieczkę z sandbox
Integer overflow w Skia w Google Chrome — sandbox escape