Out-of-bounds Read

CVE-2022-39320

Medium

4.6/10

Summary

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP may attempt integer addition on too narrow types leads to allocation of a buffer too small holding the data written. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue affects FreeRDP versions prior to 2.9.0. All users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: LOW
Confidentiality Impact: LOW
Availability Impact: LOW

CWE-125 - Out-of-Bounds Read

Out-of-bounds read is a vulnerability that allows access to memory beyond the authorized accessible location. Such a vulnerability compromises the confidentiality of the trusted environment in the application and enables an attacker to launch further attacks by leveraging the exposed information.

References

Advisory Timeline

Published Nov 16, 2022

Out-of-bounds Read

CVE-2022-39320

Summary

CWE-125 - Out-of-Bounds Read

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS