CVE-2023-40574 — MEDIUM (6.5)

Vulnerability Description

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `writePixelBGRX` function. This issue is likely down to incorrect calculations of the `nHeight` and `srcStep` variables. This issue has been addressed in version 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Freerdp	Freerdp	3.0.0

Related Weaknesses (CWE)

CWE-787

References

https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5Issue Tracking
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-422p-gj6x-93cwExploitVendor Advisory
https://security.gentoo.org/glsa/202401-16
https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5Issue Tracking
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-422p-gj6x-93cwExploitVendor Advisory
https://security.gentoo.org/glsa/202401-16

FAQ

What is CVE-2023-40574?

CVE-2023-40574 is a vulnerability with a CVSS score of 6.5 (MEDIUM). FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `writePixelBGRX` function. This...

How severe is CVE-2023-40574?

CVE-2023-40574 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-40574?

Check the references section above for vendor advisories and patch information. Affected products include: Freerdp Freerdp.