6.8
CVSSv2

CVE-2021-41160

Published: 21/10/2021 Updated: 29/11/2021
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

freerdp freerdp

fedoraproject fedora 33

fedoraproject fedora 34

fedoraproject fedora 35

Vendor Advisories

Debian Bug report logs - #1001062 freerdp2: CVE-2021-41160: Improper region checks in all clients allow out of bound write to memory Package: src:freerdp2; Maintainer for src:freerdp2 is Debian Remote Maintainers <debian-remote@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 3 Dec ...
No description is available for this CVE ...
Arch Linux Security Advisory ASA-202110-11 ========================================== Severity: Medium Date : 2021-10-29 CVE-ID : CVE-2021-41159 CVE-2021-41160 Package : freerdp Type : arbitrary code execution Remote : Yes Link : securityarchlinuxorg/AVG-2488 Summary ======= The package freerdp before version 2:241-1 is vu ...
A security issue has been found in FreeRDP before version 241 A malicious server might trigger out of bound writes in a connected client Connections using GDI or SurfaceCommands to send graphics updates to the client might send 0 width/height or out of bound rectangles to trigger out of bound writes With 0 width or heigth the memory allocatio ...