Impact
All FreeRDP clients using gateway connections (/gt:rpc)
Input data is not properly checked, a malicious gateway might allow client memory to be written out of bounds.
Patches
2.4.1
Workarounds
- Use
/gt:http connection if possible
- Use a direct connection without gateway
Reported by Sunglin from the Knownsec 404 team & 0103 sec team
For more information
If you have any questions or comments about this advisory:
Impact
All FreeRDP clients using gateway connections (
/gt:rpc)Input data is not properly checked, a malicious gateway might allow client memory to be written out of bounds.
Patches
2.4.1
Workarounds
/gt:httpconnection if possibleReported by
Sunglin from the Knownsec 404 team & 0103 sec teamFor more information
If you have any questions or comments about this advisory: