Freerdp

Freerdp

103 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2021-41159

  • EPSS 0.06%
  • Veröffentlicht 21.10.2021 19:15:07
  • Zuletzt bearbeitet 21.11.2024 06:25:37

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow cl...

8.8

CVE-2021-41160

  • EPSS 0.12%
  • Veröffentlicht 21.10.2021 19:15:07
  • Zuletzt bearbeitet 21.11.2024 06:25:37

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to sen...

9.8

CVE-2021-37594

  • EPSS 0.42%
  • Veröffentlicht 30.07.2021 14:15:18
  • Zuletzt bearbeitet 21.11.2024 06:15:29

In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_SIZE File Contents Request PDU.

9.8

CVE-2021-37595

  • EPSS 0.42%
  • Veröffentlicht 30.07.2021 14:15:18
  • Zuletzt bearbeitet 21.11.2024 06:15:29

In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_RANGE File Contents Request PDU.

3.5

CVE-2020-15103

  • EPSS 0.26%
  • Veröffentlicht 27.07.2020 18:15:13
  • Zuletzt bearbeitet 21.11.2024 05:04:48

In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindl...

6.5

CVE-2020-4030

  • EPSS 0.04%
  • Veröffentlicht 22.06.2020 22:15:13
  • Zuletzt bearbeitet 21.11.2024 05:32:11

In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2.

7.5

CVE-2020-4031

  • EPSS 0.35%
  • Veröffentlicht 22.06.2020 22:15:13
  • Zuletzt bearbeitet 21.11.2024 05:32:11

In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2.

4.3

CVE-2020-4032

  • EPSS 0.53%
  • Veröffentlicht 22.06.2020 22:15:13
  • Zuletzt bearbeitet 21.11.2024 05:32:11

In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2.

6.5

CVE-2020-4033

  • EPSS 0.16%
  • Veröffentlicht 22.06.2020 22:15:13
  • Zuletzt bearbeitet 21.11.2024 05:32:11

In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions with color depth < 32 are affected. This is fixed in version 2.1.2.

6.5

CVE-2020-11096

  • EPSS 0.21%
  • Veröffentlicht 22.06.2020 22:15:12
  • Zuletzt bearbeitet 21.11.2024 04:56:46

In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. As a workaround, one can disable bitmap cache with -bitmap-cache (default). This is fixed in version 2.1.2.