Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2021-41159

Published: 21/10/2021 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Freerdp

Vulnerability Summary

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than /gt:rdp connections if possible or use a direct connection without a gateway.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

freerdp freerdp

fedoraproject fedora 35

Vendor Advisories

Debian CVElist Bug Report Logs: freerdp2: CVE-2021-41159: Improper client input validation for gateway connections allows to overwrite memory
Debian Bug report logs - #1001061 freerdp2: CVE-2021-41159: Improper client input validation for gateway connections allows to overwrite memory Package: src:freerdp2; Maintainer for src:freerdp2 is Debian Remote Maintainers <debian-remote@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: F ...
Amazon Linux 2: ALAS2-2022-1735
A flaw was found in the FreeRDP client when it fails to validate input data when using gateway connections This flaw could allow a malicious gateway to send a specially crafted input to a client leading to an out of bounds write in client memory The highest threat from this flaw is that it could allow arbitrary code to be executed on the target s ...
Red Hat: CVE-2021-41159
No description is available for this CVE ...
Arch Linux Issues:
A security issue has been found in FreeRDP before version 241 Improper client input validation for gateway connections (/gt:rpc) allows a malicious gateway to overwrite client memory ...
Amazon Linux 2022: ALAS2022-2022-082
A flaw was found in the FreeRDP client when it fails to validate input data when using gateway connections This flaw could allow a malicious gateway to send a specially crafted input to a client leading to an out of bounds write in client memory The highest threat from this flaw is that it could allow arbitrary code to be executed on the target s ...

References

CWE-787https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vh34-m9h7-95xqhttps://security.gentoo.org/glsa/202210-24https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWJXQOWKNR7O5HM2HFJOM4GBUFPTE3RG/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001061https://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2022-1735.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
injectionCVE-2024-30983CVE-2023-4235CVE-2024-21338privilegeencryptionCVE-2023-4232CVE-2024-31497CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook