CVE-2022-39317

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-39317

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-39317.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-39317

Aliases

GHSA-99cm-4gw7-c8jh

Related

Published

2022-11-16T21:15:10Z

Modified

2024-09-18T03:21:38.798837Z

Severity

4.6 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L CVSS Calculator

Summary

[none]

Details

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it. This issue has been addressed in version 2.9.0. There are no known workarounds for this issue.

References

Affected packages

Debian:11 / freerdp2

Package

Name: freerdp2
Purl: pkg:deb/debian/freerdp2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.3.0+dfsg1-2

2.3.0+dfsg1-2+deb11u1

2.4.1+dfsg1-1

2.5.0+dfsg1-1

2.6.0+dfsg1-1

2.6.1+dfsg1-1

2.6.1+dfsg1-2

2.6.1+dfsg1-3~bpo11+1

2.6.1+dfsg1-3

2.7.0+dfsg1-1~bpo11+1

2.7.0+dfsg1-1

2.8.0+dfsg1-1

2.8.1+dfsg1-1~bpo11+1

2.8.1+dfsg1-1

2.9.0+dfsg1-1~bpo11+1

2.9.0+dfsg1-1

2.10.0+dfsg1-1~bpo11+1

2.10.0+dfsg1-1

2.10.0+dfsg1-1.1

2.11.2+dfsg1-1

2.11.2+dfsg1-1.1~exp1

2.11.2+dfsg1-1.1~exp2

2.11.5+dfsg1-1

2.11.7+dfsg1-1

2.11.7+dfsg1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / freerdp2

Package

Name: freerdp2
Purl: pkg:deb/debian/freerdp2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.0+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / freerdp2

Package

Name: freerdp2
Purl: pkg:deb/debian/freerdp2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.0+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/freerdp/freerdp

Affected ranges

Type: GIT
Repo: https://github.com/freerdp/freerdp
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

fa8e1b1c765a4466030ac52240f052c0b440a4d1

Affected versions

1.*

1.0-beta1

1.0-beta2

1.0-beta3

1.0-beta4

1.0-beta5

1.0.0

1.0.1

1.1.0-beta+2013071101

1.1.0-beta1

1.1.0-beta1+android2

1.1.0-beta1+android3

1.1.0-beta1+android4

1.1.0-beta1+android5

1.1.0-beta1+ios1

1.1.0-beta1+ios2

1.1.0-beta1+ios3

1.1.0-beta1+ios4

1.2.0-beta1+android7

1.2.0-beta1+android9

2.*

2.0.0

2.0.0-beta1+android10

2.0.0-beta1+android11

2.0.0-rc0

2.0.0-rc1

2.0.0-rc2

2.0.0-rc3

2.0.0-rc4

2.1.0

2.1.1

2.1.2

2.2.0

2.3.0

2.3.1

2.3.2

2.4.1

2.5.0

2.6.0

2.6.1

2.7.0

2.8.0

2.8.1