freerdp2: CVE-2021-41160: Improper region checks in all clients allow out of bound write to memory

Debian Bug report logs - #1001062
freerdp2: CVE-2021-41160: Improper region checks in all clients allow out of bound write to memory

Reply or subscribe to this bug.

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: freerdp2: CVE-2021-41160: Improper region checks in all clients allow out of bound write to memory

Date: Fri, 03 Dec 2021 13:42:43 +0100

Source: freerdp2
Version: 2.3.0+dfsg1-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for freerdp2.

CVE-2021-41160[0]:
| FreeRDP is a free implementation of the Remote Desktop Protocol (RDP),
| released under the Apache license. In affected versions a malicious
| server might trigger out of bound writes in a connected client.
| Connections using GDI or SurfaceCommands to send graphics updates to
| the client might send `0` width/height or out of bound rectangles to
| trigger out of bound writes. With `0` width or heigth the memory
| allocation will be `0` but the missing bounds checks allow writing to
| the pointer at this (not allocated) region. This issue has been
| patched in FreeRDP 2.4.1.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-41160
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41160
[1] https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7c9r-6r2q-93qg

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Send a report that this bug log contains spam.