CVE-2022-39318
Summary
| CVE | CVE-2022-39318 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-11-16 21:15:00 UTC |
| Updated | 2024-01-12 13:15:00 UTC |
| Description | FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input validation in the `urbdrc` (USB redirection) channel. A malicious server can trick a FreeRDP-based client into crashing with a division by zero. This issue has been addressed in version 2.9.0. All users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch. |
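The bug class the description names is a client that reads a count from a server-controlled message and divides by it before checking that it is non-zero; the fix is a validation step ahead of the division. The following is an added illustration of that pattern and its guard, written for this page and not FreeRDP's own code: the message layout (two little-endian UINT32 fields, a transfer buffer size followed by a packet count), the field names, the return codes and the sample messages are all assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical return codes for this example (FreeRDP uses its own ERROR_* values). */
enum { PARSE_OK = 0, PARSE_SHORT = 1, PARSE_ZERO_PACKETS = 2, PARSE_BAD_SIZE = 3 };

/* Assumed request shape: a server asks the client to perform a transfer of
 * buffer_size bytes split into num_packets packets. The per-packet size is
 * derived by the client, which is where the division happens. */
struct isoch_req {
    uint32_t buffer_size;
    uint32_t num_packets;
    uint32_t packet_size; /* derived: buffer_size / num_packets */
};

static uint32_t rd_u32le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable shape: trusts the peer-supplied count and divides by it.
 * With num_packets == 0 this is undefined behaviour (SIGFPE on x86), i.e. the
 * client crash the advisory describes. Shown for contrast only; nothing below
 * calls it with a zero count. */
uint32_t packet_size_unchecked(uint32_t buffer_size, uint32_t num_packets)
{
    return buffer_size / num_packets;
}

/* Hardened parser: checks the message length, rejects a zero packet count
 * before dividing, and rejects a count larger than the buffer (which would
 * yield a zero-byte packet size and a degenerate transfer loop). */
int parse_isoch_req(const uint8_t *buf, size_t len, struct isoch_req *out)
{
    if (buf == NULL || out == NULL || len < 8)
        return PARSE_SHORT;

    out->buffer_size = rd_u32le(buf);
    out->num_packets = rd_u32le(buf + 4);

    if (out->num_packets == 0)
        return PARSE_ZERO_PACKETS; /* the missing check behind CVE-2022-39318's bug class */
    if (out->num_packets > out->buffer_size)
        return PARSE_BAD_SIZE; /* quotient would be 0 */

    out->packet_size = out->buffer_size / out->num_packets; /* safe: divisor >= 1 */
    return PARSE_OK;
}

/* Constructed sample messages (not captured traffic). */
static const uint8_t SAMPLE_OK[8]   = { 0x00, 0x10, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00 }; /* 4096 bytes, 4 packets */
static const uint8_t SAMPLE_ZERO[8] = { 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; /* 4096 bytes, 0 packets */
static const uint8_t SAMPLE_OVER[8] = { 0x10, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00 }; /* 16 bytes, 32 packets */

/* Runs the three samples through the hardened parser and returns how many
 * were rejected; a malicious server's zero-count message must be one of them. */
int count_rejected(void)
{
    const uint8_t *samples[3] = { SAMPLE_OK, SAMPLE_ZERO, SAMPLE_OVER };
    int rejected = 0;
    for (int i = 0; i < 3; i++) {
        struct isoch_req req;
        if (parse_isoch_req(samples[i], 8, &req) != PARSE_OK)
            rejected++;
    }
    return rejected;
}

int main(void)
{
    struct isoch_req req;
    int rc = parse_isoch_req(SAMPLE_ZERO, sizeof SAMPLE_ZERO, &req);
    printf("zero-count message: rc=%d (rejected before any division)\n", rc);
    rc = parse_isoch_req(SAMPLE_OK, sizeof SAMPLE_OK, &req);
    printf("well-formed message: rc=%d packet_size=%u\n", rc, req.packet_size);
    printf("rejected samples: %d of 3\n", count_rejected());
    return 0;
}
```

The order of the checks matters: the zero test must precede the division, and the length test must precede both reads, otherwise a short message turns a validation bug into an out-of-bounds read. A mitigation that disables the `/usb` switch avoids the path entirely, which is why the advisory offers it as the fallback for clients that cannot move to 2.9.0.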
Risk And Classification
Problem Types: CWE-20 | CWE-369
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Fedoraproject | Fedora | 36 | All | All | All |
| Operating System | Fedoraproject | Fedora | 37 | All | All | All |
| Application | Freerdp | Freerdp | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Fixed division by zero in urbdrc · FreeRDP/FreeRDP@80adde1 · GitHub | MISC | github.com | |
| [SECURITY] Fedora 37 Update: freerdp-2.9.0-1.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: freerdp-2.9.0-1.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| FreeRDP: Multiple Vulnerabilities (GLSA 202401-16) — Gentoo security | | security.gentoo.org | |
| [debian-lts-announce] 20231117 [SECURITY] [DLA 3654-1] freerdp2 security update | | lists.debian.org | |
| Division by zero in urbdrc channel · Advisory · FreeRDP/FreeRDP · GitHub | CONFIRM | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160601 Oracle Enterprise Linux Security Update for freerdp (ELSA-2023-2326)
- 160676 Oracle Enterprise Linux Security Update for freerdp (ELSA-2023-2851)
- 182891 Debian Security Update for freerdp2 (CVE-2022-39318)
- 199041 Ubuntu Security Notification for FreeRDP Vulnerabilities (USN-5734-1)
- 241431 Red Hat Update for freerdp (RHSA-2023:2326)
- 241541 Red Hat Update for freerdp (RHSA-2023:2851)
- 283518 Fedora Security Update for freerdp (FEDORA-2022-fd6e43dec8)
- 283519 Fedora Security Update for freerdp (FEDORA-2022-076b1c9978)
- 354723 Amazon Linux Security Advisory for freerdp : ALAS2-2023-1930
- 378638 Alibaba Cloud Linux Security Update for freerdp (ALINUX3-SA-2023:0064)
- 502855 Alpine Linux Security Update for freerdp
- 6000329 Debian Security Update for freerdp2 (DLA 3654-1)
- 672604 EulerOS Security Update for freerdp (EulerOS-SA-2023-1313)
- 691013 Free Berkeley Software Distribution (FreeBSD) Security Update for freerdp (1f0421b1-8398-11ed-973d-002b67dfc673)
- 710834 Gentoo Linux FreeRDP Multiple Vulnerabilities (GLSA 202401-16)
- 752926 SUSE Enterprise Linux Security Update for freerdp (SUSE-SU-2022:4224-1)
- 752953 SUSE Enterprise Linux Security Update for freerdp (SUSE-SU-2022:4293-1)
- 752958 SUSE Enterprise Linux Security Update for freerdp (SUSE-SU-2022:4292-1)
- 941031 AlmaLinux Security Update for freerdp (ALSA-2023:2326)
- 941069 AlmaLinux Security Update for freerdp (ALSA-2023:2851)