FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
The error (CWE-125 — out-of-bounds read) occurs when the FreeRDP client application processes graphics data in which both nWidth and nHeight values are 0. The lack of proper validation of these parameters causes the code to attempt to read data outside the allocated memory area. This situation can be triggered by a malicious RDP server or appropriately crafted network traffic.
An attacker can gain unauthorized access to sensitive data stored in the client process memory (violation of confidentiality and integrity), as well as cause application crashes (violation of availability). In extreme cases, the error may enable further actions leading to system takeover.
FreeRDP should be updated to version 3.5.1, which contains a patch eliminating the vulnerability. For Fedora systems, package updates published by the Fedora Project should be applied according to the references. The vendor has not indicated any known workarounds.
FreeRDP clients in versions before 3.5.1 and FreeRDP packages available in Fedora distributions (versions covered by Fedora Project security updates).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFedora Project Fedora
OSFedoraproject383940Freerdp
APPFreerdp< 2.11.73.0.0 – 3.5.1 (bez)
Related vulnerabilities
PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit
Type Confusion w V8 (Google Chrome) — RCE przez spreparowaną stronę HTML
Type Confusion w silniku V8 Chrome — zdalne wykonanie kodu (RCE)
Use-after-free w Google Chrome Visuals umożliwiający ucieczkę z sandbox
Integer overflow w Skia w Google Chrome — sandbox escape