Impact
Missing input length validation in drive channel
A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server
Patches
2.9.0
Workarounds
Do not use the drive redirection channel - command line options /drive, +drives or +home-drive
Issue Reporter
Reported by 'Team BT5 (BoB 11th)'
For more information
If you have any questions or comments about this advisory:
Impact
Missing input length validation in
drivechannelA malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server
Patches
2.9.0
Workarounds
Do not use the drive redirection channel - command line options
/drive,+drivesor+home-driveIssue Reporter
Reported by 'Team BT5 (BoB 11th)'
For more information
If you have any questions or comments about this advisory: