CVE-2021-41160

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send 0 width/height or out of bound rectangles to trigger out of bound writes. With 0 width or heigth the memory allocation will be 0 but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1.

References

Affected packages

Git / github.com/python/cpython

Affected ranges

Type: GIT
Repo: https://github.com/python/cpython
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5a2bc5f6164050bc3e106768e9aea31364efd99a

Affected versions

v0.*

v0.9.8

v0.9.9

v1.*

v1.0.1

v1.0.2

v1.1

v1.1.1

v1.2

v1.2b1

v1.2b2

v1.2b3

v1.2b4

v1.3

v1.3b1

v1.4

v1.4b1

v1.4b2

v1.4b3

v1.5

v1.5.1

v1.5.2

v1.5.2a1

v1.5.2a2

v1.5.2b1

v1.5.2b2

v1.5.2c1

v1.5a1

v1.5a2

v1.5a3

v1.5a4

v1.5b1

v1.5b2

v1.6a1

v1.6a2

v2.*

v2.0

v2.0b1

v2.0b2

v2.0c1

v2.1

v2.1a1

v2.1a2

v2.1b1

v2.1b2

v2.1c1

v2.1c2

v2.2a3

v2.3c1

v2.3c2

v2.4a1

v2.4a2

v2.4a3

v2.4b1

v2.4b2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41160.json"