CVE-2023-39355

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-39355
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-39355.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-39355
Aliases
  • GHSA-hvwj-vmg6-2f5h
Downstream
Published
2023-08-31T19:45:02Z
Modified
2025-10-15T02:42:53.608124Z
Severity
  • 7.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Summary
FreeRDP Use-After-Free in RDPGFX_CMDID_RESETGRAPHICS
Details

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Versions of FreeRDP on the 3.x release branch before beta3 are subject to a use-after-free when processing RDPGFX_CMDID_RESETGRAPHICS packets. If context->maxPlaneSize is 0, context->planesBuffer is freed but the context->planesBuffer pointer is not updated, so a later use of that stale pointer is a use-after-free. In most environments this should only result in a crash. This issue has been addressed in version 3.0.0-beta3, and users of the 3.x beta releases are advised to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

Git / github.com/FreeRDP/FreeRDP

Affected ranges

Type
GIT
Repo
https://github.com/FreeRDP/FreeRDP
Events

Affected versions

3.*

3.0.0-beta1
3.0.0-beta2