CVE-2023-39356

Published: 31 August 2023

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function `gdi_multi_opaque_rect`. In particular there is no code to validate if the value `multi_opaque_rect->numRectangles` is less than 45. Looping through `multi_opaque_rect->`numRectangles without proper boundary checks can lead to Out-of-Bounds Read errors which will likely lead to a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Priority

Cvss 3 Severity Score

9.1

Score breakdown

Status

Package	Release	Status
freerdp2 Launchpad, Ubuntu, Debian	bionic	Released (2.2.0+dfsg1-0ubuntu0.18.04.4+esm2) Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
	focal	Released (2.2.0+dfsg1-0ubuntu0.20.04.6)
	jammy	Released (2.6.1+dfsg1-3ubuntu2.5)
	lunar	Released (2.10.0+dfsg1-1ubuntu0.3)
	mantic	Released (2.10.0+dfsg1-1.1ubuntu1.1)
	trusty	Ignored (end of standard support)
	upstream	Released (2.11.0,3.0.0-beta1)
	xenial	Ignored (end of standard support)
	Patches: upstream: https://github.com/FreeRDP/FreeRDP/commit/889348a86e49bc8f1351ed6496d847b32db5f86e upstream: https://github.com/FreeRDP/FreeRDP/commit/23db2f4e6ba71f1c10c543f24de595d7340adb46

Severity score breakdown

Parameter	Value
Base score	9.1
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	None
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

References

Bugs

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051638

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›