FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in `drive` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the drive redirection channel - command line options `/drive`, `+drives` or `+home-drive`.
History

Tue, 15 Oct 2024 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-11-16T00:00:00

Updated: 2024-10-15T17:13:04.031Z

Reserved: 2022-09-30T00:00:00

Link: CVE-2022-41877

cve-icon Vulnrichment

Updated: 2024-08-03T12:56:38.273Z

cve-icon NVD

Status : Modified

Published: 2022-11-16T20:15:10.507

Modified: 2024-11-21T07:23:58.287

Link: CVE-2022-41877

cve-icon Redhat

Severity : Low

Publid Date: 2022-11-16T00:00:00Z

Links: CVE-2022-41877 - Bugzilla