FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use `/gfx` or `/rfx` modes (on by default, require server side support).
The vulnerability consists of reading data outside the intended memory area (CWE-125 — out-of-bounds read) in the client-side RDP protocol implementation. An attacker can deliver specially crafted data over the network, without the need for authentication or user interaction, causing incorrect memory reading of the FreeRDP client process.
An attacker can gain unauthorized access to sensitive data from the process memory, and depending on the execution context — lead to a breach of integrity or availability of the client application.
FreeRDP should be updated to version 3.5.0 or 2.11.6 (and later). As a workaround without updating, you can enforce the use of `/gfx` or `/rfx` modes (enabled by default, require server-side support), which avoids the vulnerable code. Fedora users should apply package updates distributed by the Fedora project.
FreeRDP-based clients in versions prior to 3.5.0 and prior to 2.11.6, as well as FreeRDP packages in Fedora Linux distributions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFedora Project Fedora
OSFedoraproject383940Freerdp
APPFreerdp< 2.11.63.0.0 – 3.5.0 (bez)
Related vulnerabilities
PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit
Type Confusion w V8 (Google Chrome) — RCE przez spreparowaną stronę HTML
Type Confusion w silniku V8 Chrome — zdalne wykonanie kodu (RCE)
Use-after-free w Google Chrome Visuals umożliwiający ucieczkę z sandbox
Integer overflow w Skia w Google Chrome — sandbox escape