Skip to content

Division by zero in urbdrc channel

Low
bmiklautz published GHSA-387j-8j96-7q35 Nov 16, 2022

Package

FreeRDP (C)

Affected versions

<= 2.8.1

Patched versions

2.9.0

Description

Impact

Missing input validation in urbdrc channel
A malicious server can trick a FreeRDP based client to crash with division by zero

Patches

2.9.0

Workarounds

Do not use the /usb redirection switch

Issue Reporter

Reported by 'Team BT5 (BoB 11th)'

For more information

If you have any questions or comments about this advisory:

Severity

Low

CVE ID

CVE-2022-39318

Weaknesses

No CWEs

Credits