FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be triggered when the values `rect->left` and `rect->top` are exactly equal to `surface->width` and `surface->height`. eg. `rect->left` == `surface->width` && `rect->top` == `surface->height`. In practice this should cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
13 Feb 2025, 17:16
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be triggered when the values `rect->left` and `rect->top` are exactly equal to `surface->width` and `surface->height`. eg. `rect->left` == `surface->width` && `rect->top` == `surface->height`. In practice this should cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
21 Nov 2024, 08:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-08-31 21:15
Updated : 2025-02-13 17:16
NVD link : CVE-2023-39352
Mitre link : CVE-2023-39352
CVE.ORG link : CVE-2023-39352
JSON object : View
Products Affected
freerdp
- freerdp
debian
- debian_linux
fedoraproject
- fedora
CWE
CWE-787
Out-of-bounds Write