 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.2.2024.1264 |
| Category: | Huawei EulerOS Local Security Checks |
| Title: | Huawei EulerOS: Security Advisory for freerdp (EulerOS-SA-2024-1264) |
| Summary: | The remote host is missing an update for the Huawei EulerOS 'freerdp' package(s) announced via the EulerOS-SA-2024-1264 advisory. |
| Description: | Summary: The remote host is missing an update for the Huawei EulerOS 'freerdp' package(s) announced via the EulerOS-SA-2024-1264 advisory. Vulnerability Insight: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context->Planes` without checking if it contains data of sufficient length. Should an attacker be able to leverage this vulnerability they may be able to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-39354) FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-39350) FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.(CVE-2023-40589) FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function `gdi_multi_opaque_rect`. In particular there is no code to validate if the value `multi_opaque_rect->numRectangles` is less than 45. Looping through `multi_opaque_rect->`numRectangles without proper boundary checks can lead to Out-of-Bounds Read errors which will likely lead to a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-39356) FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `progressive_decompress` function. This issue is likely down to incorrect calculations of the `nXSrc` and `nYSrc` variables. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability.(CVE-2023-40569) FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'freerdp' package(s) on Huawei EulerOS V2.0SP8. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2023-39350 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/ https://security.gentoo.org/glsa/202401-16 https://github.com/FreeRDP/FreeRDP/commit/e204fc8be5a372626b13f66daf2abafe71dbc2dc https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rrrv-3w42-pffh https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html Common Vulnerability Exposure (CVE) ID: CVE-2023-39353 https://github.com/FreeRDP/FreeRDP/blob/63a2f65618748c12f79ff7450d46c6e194f2db76/libfreerdp/codec/rfx.c#L994-L996 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hg53-9j9h-3c8f Common Vulnerability Exposure (CVE) ID: CVE-2023-39354 https://github.com/FreeRDP/FreeRDP/commit/cd1da25a87358eb3b5512fd259310e95b19a05ec https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c3r2-pxxp-f8r6 Common Vulnerability Exposure (CVE) ID: CVE-2023-39356 https://github.com/FreeRDP/FreeRDP/blob/63a2f65618748c12f79ff7450d46c6e194f2db76/include/freerdp/primary.h#L186-L196 https://github.com/FreeRDP/FreeRDP/blob/63a2f65618748c12f79ff7450d46c6e194f2db76/libfreerdp/core/orders.c#L1503-L1504 https://github.com/FreeRDP/FreeRDP/blob/63a2f65618748c12f79ff7450d46c6e194f2db76/libfreerdp/gdi/gdi.c#L723C1-L758 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5v5-qhj5-mh6m Common Vulnerability Exposure (CVE) ID: CVE-2023-40181 https://github.com/FreeRDP/FreeRDP/blob/2252d53001d9ce8a452f0a0a5b1f5ed9db6d57f1/libfreerdp/codec/zgfx.c#L256-L261 https://github.com/FreeRDP/FreeRDP/blob/2252d53001d9ce8a452f0a0a5b1f5ed9db6d57f1/libfreerdp/codec/zgfx.c#L334-L355 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxp4-rx7x-h2g8 Common Vulnerability Exposure (CVE) ID: CVE-2023-40186 https://github.com/FreeRDP/FreeRDP/blob/fee2b10ba1154f952769a53eb608f044782e22f8/libfreerdp/gdi/gfx.c#L1156-L1165 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hcj4-3c3r-5j3v Common Vulnerability Exposure (CVE) ID: CVE-2023-40188 https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/nsc.c#L115-L175 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9w28-wwj5-p4xq Common Vulnerability Exposure (CVE) ID: CVE-2023-40567 https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/clear.c#L612-L618 https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/clear.c#L843-L845 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2w9f-8wg4-8jfp Common Vulnerability Exposure (CVE) ID: CVE-2023-40569 https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/progressive.c#L2598-L2616 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hm8c-rcjg-c8qp Common Vulnerability Exposure (CVE) ID: CVE-2023-40589 https://github.com/FreeRDP/FreeRDP/commit/16141a30f983dd6f7a6e5b0356084171942c9416 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gc34-mw6m-g42x |
| Copyright | Copyright (C) 2024 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |