CVE-2022-39320 FreeRDP is a library for remote desktop protocol and clients. An affected version may attempt integer addition on too narrow types and allocate a buffer too small holding the data written.

CVE-2022-39320 FreeRDP is a library for remote desktop protocol and clients. An affected version may attempt integer addition on too narrow types and allocate a buffer too small holding the data written.

Another issue in the library has been resolved where a malformed SOCKS5 proxy packet can cause a remote client to crash. A malicious server can send a SOCKS5 proxy packet that contains a format string vulnerability, causing the client to crash. Affected versions of FreeRDP are required to upgrade and all users are advised to upgrade. Users unable to upgrade should not use the `/socks5` redirection switch.

FreeRDP is a free remote desktop protocol library and clients. A flaw in the way FreeRDP parses parameters in the `/peerId` redirection switch can cause a remote client to crash. A malicious server can send a specially crafted `/peerId` redirection switch and cause the client to crash. Affected versions of FreeRDP are required to upgrade and all users are advised to upgrade. Users unable to upgrade should not use the `/peerId` redirection switch.

Another issue in the library has been resolved where a malformed SOCKS5 proxy packet can cause a remote client to crash. A malicious server can send a SOCKS5 proxy packet that contains a format string vulnerability, causing the client to crash. Affected versions of FreeRDP are required to upgrade and all users are advised to upgrade. Users unable to upgrade should not use the `/socks5` redirection switch. FreeRDP is a free remote desktop protocol library and clients. A flaw in the way Free

FreeRDP is a free remote desktop protocol library and clients

. A flaw in the way FreeRDP parses parameters in the `/peerId` redirection switch can cause a remote client to crash. A malicious server can send a specially crafted `/peerId` redirection switch and cause the client to crash. Affected versions of FreeRDP are required to upgrade and all users are advised to upgrade. Users unable to upgrade should not use the `/peerId` redirection switch.

FreeRDP is a free remote desktop protocol library and clients. A flaw in the way FreeRDP parses parameters in the `/peerId` redirection switch can cause a remote client to crash. A malicious server can send a specially crafted `/peerId` redirection switch and cause the client to crash. Affected versions of FreeRDP are required to upgrade and all users are advised to upgrade. Users unable to upgrade should not use the `/peerId` redirection switch.

FreeRDP Library

Malformed parameter parsing
One issue in the library has been resolved where a malformed SOCKS5 proxy packet can cause a remote client to crash. A malicious server can send a SOCKS5 proxy packet that contains a format string vulnerability, causing the client to crash. Affected versions of FreeRDP are required to upgrade and all users are advised to upgrade. Users unable to upgrade should not use the `/socks5` redirection switch. Another issue in the library has been resolved where a malformed SOCKS5 proxy packet can cause a remote client to crash. A malicious server can send a SOCKS5 proxy packet that contains a format string vulnerability, causing the client to crash. Affected versions of FreeRDP are required to upgrade and all users are advised to upgrade. Users unable to upgrade should not use the `/socks5` redirection switch.

FreeRDP Basics

FreeRDP is a free remote desktop protocol library and clients. A flaw in the way FreeRDP parses parameters in the `/peerId` redirection switch can cause a remote client to crash. A malicious server can send a specially crafted `/peerId` redirection switch and cause the client to crash. Affected versions of FreeRDP are required to upgrade and all users are advised to upgrade. Users unable to upgrade should not use the `/peerId` redirection switch.
Another issue in the library has been resolved where a malformed SOCKS5 proxy packet can cause a remote client to crash. A malicious server can send a SOCKS5 proxy packet that contains a format string vulnerability, causing the client to crash. Affected versions of FreeRDP are required to upgrade and all users are advised to upgrade. Users unable to upgrade should not use the `/socks5` redirection switch.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe