A security issue has been found in FreeRDP before version 2.4.1. Improper client input validation for gateway connections (/gt:rpc) allows a malicious gateway to overwrite client memory.
A security issue has been found in FreeRDP before version 2.4.1. Improper client input validation for gateway connections (/gt:rpc) allows a malicious gateway to overwrite client memory.
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vh44-m9h7-95xq https://github.com/FreeRDP/FreeRDP/commit/07b789c88010766c230c8f10ac748523b86e9305
Workaround ========== The issue can be mitigated by using a /gt:http connection or a direct connection without gateway.