CVE-2022-39283
Summary
| CVE | CVE-2022-39283 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-10-12 23:15:00 UTC |
| Updated | 2023-11-17 19:15:00 UTC |
| Description | FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| FreeRDP: Multiple Vulnerabilities (GLSA 202210-24) — Gentoo security | GENTOO | security.gentoo.org | |
| [SECURITY] Fedora 35 Update: freerdp-2.8.1-1.fc35 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| Release 2.8.1 · FreeRDP/FreeRDP · GitHub | MISC | github.com | |
| [SECURITY] Fedora 35 Update: freerdp-2.8.1-1.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: freerdp-2.9.0-1.fc36 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: freerdp-2.8.1-1.fc37 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: freerdp-2.8.1-1.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| RDP client might read out of bounds data and display it · Advisory · FreeRDP/FreeRDP · GitHub | CONFIRM | github.com | |
| [SECURITY] Fedora 36 Update: freerdp-2.9.0-1.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [debian-lts-announce] 20231117 [SECURITY] [DLA 3654-1] freerdp2 security update | | lists.debian.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160601 Oracle Enterprise Linux Security Update for freerdp (ELSA-2023-2326)
- 160676 Oracle Enterprise Linux Security Update for freerdp (ELSA-2023-2851)
- 184647 Debian Security Update for freerdp2 (CVE-2022-39283)
- 199041 Ubuntu Security Notification for FreeRDP Vulnerabilities (USN-5734-1)
- 241431 Red Hat Update for freerdp (RHSA-2023:2326)
- 241541 Red Hat Update for freerdp (RHSA-2023:2851)
- 283366 Fedora Security Update for freerdp (FEDORA-2022-e733724edb)
- 283417 Fedora Security Update for freerdp (FEDORA-2022-d6310a1308)
- 283518 Fedora Security Update for freerdp (FEDORA-2022-fd6e43dec8)
- 354723 Amazon Linux Security Advisory for freerdp : ALAS2-2023-1930
- 378638 Alibaba Cloud Linux Security Update for freerdp (ALINUX3-SA-2023:0064)
- 6000329 Debian Security Update for freerdp2 (DLA 3654-1)
- 672604 EulerOS Security Update for freerdp (EulerOS-SA-2023-1313)
- 691075 Free Berkeley Software Distribution (FreeBSD) Security Update for freerdp (dd271de6-b444-11ed-9268-b42e991fc52e)
- 710666 Gentoo Linux FreeRDP Multiple Vulnerabilities (GLSA 202210-24)
- 752798 SUSE Enterprise Linux Security Update for freerdp (SUSE-SU-2022:3984-1)
- 752844 SUSE Enterprise Linux Security Update for freerdp (SUSE-SU-2022:3983-1)
- 752862 SUSE Enterprise Linux Security Update for freerdp (SUSE-SU-2022:3982-1)
- 941031 AlmaLinux Security Update for freerdp (ALSA-2023:2326)
- 941069 AlmaLinux Security Update for freerdp (ALSA-2023:2851)