
Missing length validation in urbdrc channel

Moderate
bmiklautz published GHSA-mvxm-wfj2-5fvh Nov 16, 2022

Package

FreeRDP (C)

Affected versions

<= 2.8.1

Patched versions

2.9.0

Description

Impact

Missing input length validation in the urbdrc channel.
A malicious server can trick a FreeRDP-based client into reading out-of-bounds data and sending it back to the server.
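
The bug class described above, as an added example that is not FreeRDP's code: a client echoes back data whose length is declared by the server, first without and then with length validation. The message layout, `HDR_SIZE`, and the function names are hypothetical and do not reflect the urbdrc wire format.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout (not the urbdrc wire format):
 *   bytes 0..3  little-endian length of the data that follows
 *   bytes 4..   data the client is asked to echo back to the server */
#define HDR_SIZE 4u

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Unchecked form, for comparison only: trusts the length field. If the
 * server declares more data than it sent, memcpy reads past `msg` and
 * the reply carries adjacent client memory back to the server. */
int64_t build_reply_unchecked(const uint8_t *msg, uint8_t *reply)
{
    uint32_t declared = read_le32(msg);
    memcpy(reply, msg + HDR_SIZE, declared);
    return declared;
}

/* Checked form: the declared length is validated against the bytes
 * actually received and against the reply buffer before any copy. */
int64_t build_reply_checked(const uint8_t *msg, size_t msg_len,
                            uint8_t *reply, size_t reply_cap)
{
    if (msg == NULL || reply == NULL || msg_len < HDR_SIZE)
        return -1;                      /* header itself is truncated */
    uint32_t declared = read_le32(msg);
    if (declared > msg_len - HDR_SIZE)  /* cannot underflow: msg_len >= HDR_SIZE */
        return -1;                      /* length field exceeds received data */
    if (declared > reply_cap)
        return -1;                      /* would overflow the reply buffer */
    memcpy(reply, msg + HDR_SIZE, declared);
    return declared;
}

int main(void)
{
    /* Constructed input: declares 64 bytes but carries only 3. */
    const uint8_t lie[] = {0x40, 0, 0, 0, 'a', 'b', 'c'};
    uint8_t reply[64];
    printf("checked parser returned %lld\n",
           (long long)build_reply_checked(lie, sizeof lie, reply, sizeof reply));
    return 0;
}
```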

Patches

2.9.0

Workarounds

Do not use the /usb redirection switch

Issue Reporter

Reported by 'Team BT5 (BoB 11th)'

For more information

If you have any questions or comments about this advisory:

Severity

Moderate

CVE ID

CVE-2022-39319

Weaknesses

No CWEs

Credits