7.5

CVE-2022-39282

EPSS 0.16%
Veröffentlicht 12.10.2022 23:15:09
Zuletzt bearbeitet 03.11.2025 21:15:52
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel` command line switch) as a workaround.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Freerdp ≫ Freerdp Version < 2.8.1

Fedoraproject ≫ Fedora Version35

Fedoraproject ≫ Fedora Version36

Fedoraproject ≫ Fedora Version37

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.37

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com	3.5	2.1	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://security.gentoo.org/glsa/202210-24

Issue Tracking

https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html

https://github.com/FreeRDP/FreeRDP/releases/tag/2.8.1

Release Notes

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c45q-wcpg-mxjq

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEWWYMGWIMD4RDCOGHWMZXUMBGZHC5NW/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLZCF7YHNC5BECDPEJNAZUYGNNM7NFME/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/

https://lists.debian.org/debian-lts-announce/2025/02/msg00016.html

https://nvd.nist.gov/vuln/detail/CVE-2022-39282

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-39282

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-39282

EUVD