Out-of-bounds Read

CVE-2022-39317

Medium

4.6/10

Summary

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset index in "ZGFX" decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it. This issue affects FreeRDP versions prior to 2.9.0. There are no known workarounds for this issue.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: LOW
Confidentiality Impact: LOW
Availability Impact: LOW

CWE-125 - Out-of-Bounds Read

Out-of-bounds read is a vulnerability that allows access to memory beyond the authorized accessible location. Such a vulnerability compromises the confidentiality of the trusted environment in the application and enables an attacker to launch further attacks by leveraging the exposed information.

References

Advisory
Release Note
Pull request

Advisory Timeline

Published Nov 16, 2022

Out-of-bounds Read

CVE-2022-39317

Summary

CWE-125 - Out-of-Bounds Read

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS