CVE-2022-39282
Summary
| CVE | CVE-2022-39282 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-10-12 23:15:00 UTC |
|---|
| Updated | 2023-11-17 19:15:00 UTC |
|---|
| Description | FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel` command line switch) as a workaround. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| RDP client: Read of uninitialized memory with parallel port redirection · Advisory · FreeRDP/FreeRDP · GitHub |
CONFIRM |
github.com |
|
| FreeRDP: Multiple Vulnerabilities (GLSA 202210-24) — Gentoo security |
GENTOO |
security.gentoo.org |
|
| [SECURITY] Fedora 35 Update: freerdp-2.8.1-1.fc35 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| Release 2.8.1 · FreeRDP/FreeRDP · GitHub |
MISC |
github.com |
|
| [SECURITY] Fedora 35 Update: freerdp-2.8.1-1.fc35 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| [SECURITY] Fedora 36 Update: freerdp-2.9.0-1.fc36 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| [SECURITY] Fedora 37 Update: freerdp-2.8.1-1.fc37 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| [SECURITY] Fedora 37 Update: freerdp-2.8.1-1.fc37 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| [SECURITY] Fedora 36 Update: freerdp-2.9.0-1.fc36 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| [debian-lts-announce] 20231117 [SECURITY] [DLA 3654-1] freerdp2 security update |
|
lists.debian.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160601 Oracle Enterprise Linux Security Update for freerdp (ELSA-2023-2326)
- 160676 Oracle Enterprise Linux Security Update for freerdp (ELSA-2023-2851)
- 183865 Debian Security Update for freerdp2 (CVE-2022-39282)
- 199041 Ubuntu Security Notification for FreeRDP Vulnerabilities (USN-5734-1)
- 241431 Red Hat Update for freerdp (RHSA-2023:2326)
- 241541 Red Hat Update for freerdp (RHSA-2023:2851)
- 283366 Fedora Security Update for freerdp (FEDORA-2022-e733724edb)
- 283417 Fedora Security Update for freerdp (FEDORA-2022-d6310a1308)
- 283518 Fedora Security Update for freerdp (FEDORA-2022-fd6e43dec8)
- 354723 Amazon Linux Security Advisory for freerdp : ALAS2-2023-1930
- 378638 Alibaba Cloud Linux Security Update for freerdp (ALINUX3-SA-2023:0064)
- 6000329 Debian Security Update for freerdp2 (DLA 3654-1)
- 672604 EulerOS Security Update for freerdp (EulerOS-SA-2023-1313)
- 691074 Free Berkeley Software Distribution (FreeBSD) Security Update for freerdp (c682923d-b444-11ed-9268-b42e991fc52e)
- 710666 Gentoo Linux FreeRDP Multiple Vulnerabilities (GLSA 202210-24)
- 752798 SUSE Enterprise Linux Security Update for freerdp (SUSE-SU-2022:3984-1)
- 752844 SUSE Enterprise Linux Security Update for freerdp (SUSE-SU-2022:3983-1)
- 752862 SUSE Enterprise Linux Security Update for freerdp (SUSE-SU-2022:3982-1)
- 941031 AlmaLinux Security Update for freerdp (ALSA-2023:2326)
- 941069 AlmaLinux Security Update for freerdp (ALSA-2023:2851)
