{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-39317", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "dateUpdated": "2025-04-23T16:37:08.327Z", "dateReserved": "2022-09-02T00:00:00.000Z", "datePublished": "2022-11-16T00:00:00.000Z"}, "containers": {"cna": {"title": "Out of bounds read in zgfx decoder in FreeRDP", "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-12T13:06:24.826Z"}, "descriptions": [{"lang": "en", "value": "FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it. This issue has been addressed in version 2.9.0. There are no known workarounds for this issue."}], "affected": [{"vendor": "FreeRDP", "product": "FreeRDP", "versions": [{"version": "< 2.9.0", "status": "affected"}]}], "references": [{"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-99cm-4gw7-c8jh"}, {"name": "FEDORA-2022-fd6e43dec8", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/"}, {"name": "FEDORA-2022-076b1c9978", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/"}, {"name": "GLSA-202401-16", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202401-16"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-125: Out-of-bounds Read", "cweId": "CWE-125"}]}], "source": {"advisory": "GHSA-99cm-4gw7-c8jh", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:00:44.101Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-99cm-4gw7-c8jh", "tags": ["x_transferred"]}, {"name": "FEDORA-2022-fd6e43dec8", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/"}, {"name": "FEDORA-2022-076b1c9978", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/"}, {"name": "GLSA-202401-16", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202401-16"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-23T13:54:24.231479Z", "id": "CVE-2022-39317", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T16:37:08.327Z"}}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF273D61-AA72-44FE-937E-D5749D565AEE", "versionEndExcluding": "2.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it. This issue has been addressed in version 2.9.0. There are no known workarounds for this issue."}, {"lang": "es", "value": "FreeRDP es una librer\u00eda y clientes de protocolos de escritorio remoto gratuitos. A las versiones afectadas de FreeRDP les falta una verificaci\u00f3n de rango para el \u00edndice de compensaci\u00f3n de entrada en el decodificador ZGFX. Un servidor malicioso puede enga\u00f1ar a un cliente basado en FreeRDP para que lea datos no vinculados e intente decodificarlos. Este problema se solucion\u00f3 en la versi\u00f3n 2.9.0. No se conocen soluciones para este problema."}], "id": "CVE-2022-39317", "lastModified": "2024-11-21T07:18:01.407", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-16T21:15:10.300", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-99cm-4gw7-c8jh"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/"}, {"source": "security-advisories@github.com", "url": "https://security.gentoo.org/glsa/202401-16"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-99cm-4gw7-c8jh"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202401-16"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"acknowledgement": "Upstream acknowledges Team BT5 (BoB 11th) as the original reporter.", "affected_release": [{"advisory": "RHSA-2023:2851", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "freerdp-2:2.2.0-10.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-05-16T00:00:00Z"}, {"advisory": "RHSA-2023:2326", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "freerdp-2:2.4.1-5.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-05-09T00:00:00Z"}], "bugzilla": {"description": "freerdp: undefined behaviour in zgfx decoder", "id": "2143643", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143643"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L", "status": "verified"}, "cwe": "CWE-125", "details": ["FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it. This issue has been addressed in version 2.9.0. There are no known workarounds for this issue.", "An out-of-bounds read vulnerability was discovered in FreeRDP due to missing a range check for input offset index in the ZGFX decoder. A malicious server can trick a FreeRDP based client to read out-of-bound data and try to decode it, resulting in a crash."], "name": "CVE-2022-39317", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "freerdp", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "freerdp", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2022-11-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-39317\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-39317\nhttps://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-99cm-4gw7-c8jh"], "threat_severity": "Low"}