Vulnerability CVE-2022-39316: Information

Description

FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash. This issue has been addressed in the 2.9.0 release. Users are advised to upgrade.

Severity: MEDIUM (5.7) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-39316
Published: Nov. 16, 2022
Modified: Nov. 21, 2024

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
freerdpsisyphus2.9.0-alt12.11.7-alt4ALT-PU-2022-3127-1310190Fixed
freerdpsisyphus_e2k2.9.0-alt12.11.7-alt3ALT-PU-2022-7162-1-Fixed
freerdpsisyphus_riscv642.9.0-alt12.11.7-alt4ALT-PU-2022-7143-1-Fixed
freerdpp102.9.0-alt12.11.7-alt3ALT-PU-2022-3199-1310220Fixed
freerdpp10_e2k2.9.0-alt12.11.7-alt3ALT-PU-2022-7252-1-Fixed
freerdpp92.9.0-alt12.9.0-alt1ALT-PU-2022-3288-1310221Fixed
freerdpc10f22.9.0-alt12.11.7-alt3ALT-PU-2022-3199-1310220Fixed
freerdpc9f22.9.0-alt12.11.7-alt1ALT-PU-2022-3189-1310222Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/FreeRDP/FreeRDP/commit/e865c24efc40ebc52e75979c94cdd4ee2c1495b0
  • Patch
  • Third Party Advisory
https://github.com/FreeRDP/FreeRDP/commit/e865c24efc40ebc52e75979c94cdd4ee2c1495b0
  • Patch
  • Third Party Advisory
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5w4j-mrrh-jjrm
  • Third Party Advisory
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5w4j-mrrh-jjrm
  • Third Party Advisory
[debian-lts-announce] 20231117 [SECURITY] [DLA 3654-1] freerdp2 security update
    [debian-lts-announce] 20231117 [SECURITY] [DLA 3654-1] freerdp2 security update
      FEDORA-2022-fd6e43dec8
        FEDORA-2022-fd6e43dec8
          FEDORA-2022-076b1c9978
            FEDORA-2022-076b1c9978
              GLSA-202401-16
                GLSA-202401-16

                    1. Configuration 1

                      cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*
                      End excluding
                      2.9.0

                      Configuration 2

                      cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
                      cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
                  VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                  Version: v25.3.0
                  Back to top