Out-of-bounds Write
CVE-2023-39352
Summary
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be triggered when the values "rect->left" and "rect->top" are exactly equal to "surface->width" and "surface->height". eg. "rect->left" == "surface->width" && "rect->top" == "surface->height". In practice, this should cause a crash. This issue has been addressed in versions through 2.10.0, and 3.0.0-beta1 through 3.0.0-beta2.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- HIGH
- HIGH
CWE-787 - Out-of-Bounds Write
Out-of-bounds write vulnerability is a memory access bug that allows software to write data past the end or before the beginning of the intended buffer. This may result in the corruption of data, a crash, or arbitrary code execution.
References
Advisory Timeline
- Published
