CVE-2022-39283 FreeRDP is a library that provides a free remote desktop protocol. It might read uninitialized data and decode it as audio/video.

FreeRDP implementations are not affected if the remote end uses the `/video` switch. The FreeRDP implementation at the remote end might be affected if the implementation does not support the `/video` switch.

Vulnerability Scenario

A FreeRDP implementation is not affected if the remote end uses the `/video` switch. The FreeRDP implementation at the remote end might be affected if the implementation does not support the `/video` switch.

Vulnerability details

The FreeRDP implementation of RDP might be vulnerable to a buffer overflow issue. This could allow an attacker to overwrite the system's memory and execute arbitrary code on the affected system.

Vulnerability Description

CVE-2022-39283 is a remote code execution issue in FreeRDP implementations. This vulnerability allows an attacker to execute arbitrary code on the remote endpoint. The target must be running FreeRDP in order for this vulnerability to be exploitable.

Timeline

Published on: 10/12/2022 23:15:00 UTC
Last modified on: 10/31/2022 04:15:00 UTC

References

• https://github.com/FreeRDP/FreeRDP/releases/tag/2.8.1
• https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6cf9-3328-qrvh
• https://security.gentoo.org/glsa/202210-24
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39283