Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-40567
Vulnerability from cvelistv5
Published
2023-08-31 21:42
Modified
2024-08-02 18:38
Severity ?
EPSS score ?
Summary
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse of this vulnerability may lead to an out of bounds write. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:38:50.887Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2w9f-8wg4-8jfp", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2w9f-8wg4-8jfp", }, { name: "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/clear.c#L612-L618", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/clear.c#L612-L618", }, { name: "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/clear.c#L843-L845", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/clear.c#L843-L845", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202401-16", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "FreeRDP", vendor: "FreeRDP", versions: [ { status: "affected", version: "< 2.11.0", }, { status: "affected", version: ">= 3.0.0-beta1, < 3.0.0-beta3", }, ], }, ], descriptions: [ { lang: "en", value: "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse of this vulnerability may lead to an out of bounds write. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-31T21:42:53.096Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2w9f-8wg4-8jfp", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2w9f-8wg4-8jfp", }, { name: "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/clear.c#L612-L618", tags: [ "x_refsource_MISC", ], url: "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/clear.c#L612-L618", }, { name: "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/clear.c#L843-L845", tags: [ "x_refsource_MISC", ], url: "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/clear.c#L843-L845", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/", }, { url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html", }, { url: "https://security.gentoo.org/glsa/202401-16", }, ], source: { advisory: "GHSA-2w9f-8wg4-8jfp", discovery: "UNKNOWN", }, title: "Out-Of-Bounds Write in FreeRDP", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-40567", datePublished: "2023-08-31T21:42:53.096Z", dateReserved: "2023-08-16T18:24:02.389Z", dateUpdated: "2024-08-02T18:38:50.887Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2023-40567\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-08-31T22:15:08.613\",\"lastModified\":\"2024-11-21T08:19:43.817\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse of this vulnerability may lead to an out of bounds write. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.11.0\",\"matchCriteriaId\":\"80B02150-FC4E-43F5-A3DF-D8E585200977\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freerdp:freerdp:3.0.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8720D61-0B0D-40ED-B3C4-B452D83BF3C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freerdp:freerdp:3.0.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"18A75D02-0E7A-4AAF-8E23-0CDCB1733FEA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]}],\"references\":[{\"url\":\"https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/clear.c#L612-L618\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/clear.c#L843-L845\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2w9f-8wg4-8jfp\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.gentoo.org/glsa/202401-16\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/clear.c#L612-L618\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/clear.c#L843-L845\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2w9f-8wg4-8jfp\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.gentoo.org/glsa/202401-16\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", }, }
RHSA-2024:2208
Vulnerability from csaf_redhat
Published
2024-04-30 10:33
Modified
2024-11-23 03:20
Summary
Red Hat Security Advisory: freerdp security update
Notes
Topic
An update for freerdp is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.
Security Fix(es):
* freerdp: Incorrect offset calculation leading to DOS (CVE-2023-39350)
* freerdp: Null Pointer Dereference leading DOS in RemoteFX (CVE-2023-39351)
* freerdp: invalid offset validation leading to Out Of Bound Write (CVE-2023-39352)
* freerdp: missing offset validation leading to Out-of-Bounds Read in gdi_multi_opaque_rect (CVE-2023-39356)
* freerdp: Integer overflow leading to out-of-bound write vulnerability in gdi_CreateSurface (CVE-2023-40186)
* freerdp: Out-of-bounds write in clear_decompress_bands_data (CVE-2023-40567)
* freerdp: Out-of-bounds write in the `progressive_decompress` function due to incorrect calculations (CVE-2023-40569)
* freerdp: buffer overflow in ncrush_decompress causes crash with crafted input (CVE-2023-40589)
* freerdp: missing offset validation leading to Out Of Bound Read (CVE-2023-39353)
* freerdp: Out-Of-Bounds Read in nsc_rle_decompress_data (CVE-2023-39354)
* freerdp: integer-Underflow leading to Out-Of-Bound Read in zgfx_decompress_segment (CVE-2023-40181)
* freerdp: Out-of-bounds read in general_LumaToYUV444 (CVE-2023-40188)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for freerdp is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.\n\nSecurity Fix(es):\n\n* freerdp: Incorrect offset calculation leading to DOS (CVE-2023-39350)\n\n* freerdp: Null Pointer Dereference leading DOS in RemoteFX (CVE-2023-39351)\n\n* freerdp: invalid offset validation leading to Out Of Bound Write (CVE-2023-39352)\n\n* freerdp: missing offset validation leading to Out-of-Bounds Read in gdi_multi_opaque_rect (CVE-2023-39356)\n\n* freerdp: Integer overflow leading to out-of-bound write vulnerability in gdi_CreateSurface (CVE-2023-40186)\n\n* freerdp: Out-of-bounds write in clear_decompress_bands_data (CVE-2023-40567)\n\n* freerdp: Out-of-bounds write in the `progressive_decompress` function due to incorrect calculations (CVE-2023-40569)\n\n* freerdp: buffer overflow in ncrush_decompress causes crash with crafted input (CVE-2023-40589)\n\n* freerdp: missing offset validation leading to Out Of Bound Read (CVE-2023-39353)\n\n* freerdp: Out-Of-Bounds Read in nsc_rle_decompress_data (CVE-2023-39354)\n\n* freerdp: integer-Underflow leading to Out-Of-Bound Read in zgfx_decompress_segment (CVE-2023-40181)\n\n* freerdp: Out-of-bounds read in general_LumaToYUV444 (CVE-2023-40188)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:2208", url: "https://access.redhat.com/errata/RHSA-2024:2208", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.4_release_notes/index", url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.4_release_notes/index", }, { category: "external", summary: "2236606", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236606", }, { category: "external", summary: "2236650", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236650", }, { category: "external", summary: "2236656", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236656", }, { category: "external", summary: "2236669", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236669", }, { category: "external", summary: "2236730", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236730", }, { category: "external", summary: "2236750", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236750", }, { category: "external", summary: "2236759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236759", }, { category: "external", summary: "2236763", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236763", }, { category: "external", summary: "2236766", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236766", }, { category: "external", summary: "2236774", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236774", }, { category: "external", summary: "2236779", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236779", }, { category: "external", summary: "2236784", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236784", }, { category: "external", summary: "RHEL-10060", url: "https://issues.redhat.com/browse/RHEL-10060", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2208.json", }, ], title: "Red Hat Security Advisory: freerdp security update", tracking: { current_release_date: "2024-11-23T03:20:51+00:00", generator: { date: "2024-11-23T03:20:51+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:2208", initial_release_date: "2024-04-30T10:33:17+00:00", revision_history: [ { date: "2024-04-30T10:33:17+00:00", number: "1", summary: "Initial version", }, { date: "2024-04-30T10:33:17+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-23T03:20:51+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 9)", product: { name: "Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:9::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux CRB (v. 9)", product: { name: "Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:9::crb", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "freerdp-devel-2:2.11.2-1.el9.aarch64", product: { name: "freerdp-devel-2:2.11.2-1.el9.aarch64", product_id: "freerdp-devel-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-devel@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-devel-2:2.11.2-1.el9.aarch64", product: { name: "libwinpr-devel-2:2.11.2-1.el9.aarch64", product_id: "libwinpr-devel-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-devel@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debugsource-2:2.11.2-1.el9.aarch64", product: { name: "freerdp-debugsource-2:2.11.2-1.el9.aarch64", product_id: "freerdp-debugsource-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debugsource@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debuginfo-2:2.11.2-1.el9.aarch64", product: { name: "freerdp-debuginfo-2:2.11.2-1.el9.aarch64", product_id: "freerdp-debuginfo-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debuginfo@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", product: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", product_id: "freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs-debuginfo@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", product: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", product_id: "libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-debuginfo@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-2:2.11.2-1.el9.aarch64", product: { name: "freerdp-2:2.11.2-1.el9.aarch64", product_id: "freerdp-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-2:2.11.2-1.el9.aarch64", product: { name: "freerdp-libs-2:2.11.2-1.el9.aarch64", product_id: "freerdp-libs-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-2:2.11.2-1.el9.aarch64", product: { name: "libwinpr-2:2.11.2-1.el9.aarch64", product_id: "libwinpr-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "freerdp-devel-2:2.11.2-1.el9.ppc64le", product: { name: "freerdp-devel-2:2.11.2-1.el9.ppc64le", product_id: "freerdp-devel-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-devel@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-devel-2:2.11.2-1.el9.ppc64le", product: { name: "libwinpr-devel-2:2.11.2-1.el9.ppc64le", product_id: "libwinpr-devel-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-devel@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debugsource-2:2.11.2-1.el9.ppc64le", product: { name: "freerdp-debugsource-2:2.11.2-1.el9.ppc64le", product_id: "freerdp-debugsource-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debugsource@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", product: { name: "freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", product_id: "freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debuginfo@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", product: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", product_id: "freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs-debuginfo@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", product: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", product_id: "libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-debuginfo@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, { category: "product_version", name: "freerdp-2:2.11.2-1.el9.ppc64le", product: { name: "freerdp-2:2.11.2-1.el9.ppc64le", product_id: "freerdp-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-2:2.11.2-1.el9.ppc64le", product: { name: "freerdp-libs-2:2.11.2-1.el9.ppc64le", product_id: "freerdp-libs-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-2:2.11.2-1.el9.ppc64le", product: { name: "libwinpr-2:2.11.2-1.el9.ppc64le", product_id: "libwinpr-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "freerdp-devel-2:2.11.2-1.el9.i686", product: { name: "freerdp-devel-2:2.11.2-1.el9.i686", product_id: "freerdp-devel-2:2.11.2-1.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-devel@2.11.2-1.el9?arch=i686&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-devel-2:2.11.2-1.el9.i686", product: { name: "libwinpr-devel-2:2.11.2-1.el9.i686", product_id: "libwinpr-devel-2:2.11.2-1.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-devel@2.11.2-1.el9?arch=i686&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debugsource-2:2.11.2-1.el9.i686", product: { name: "freerdp-debugsource-2:2.11.2-1.el9.i686", product_id: "freerdp-debugsource-2:2.11.2-1.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debugsource@2.11.2-1.el9?arch=i686&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debuginfo-2:2.11.2-1.el9.i686", product: { name: "freerdp-debuginfo-2:2.11.2-1.el9.i686", product_id: "freerdp-debuginfo-2:2.11.2-1.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debuginfo@2.11.2-1.el9?arch=i686&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", product: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", product_id: "freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs-debuginfo@2.11.2-1.el9?arch=i686&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-debuginfo-2:2.11.2-1.el9.i686", product: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.i686", product_id: "libwinpr-debuginfo-2:2.11.2-1.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-debuginfo@2.11.2-1.el9?arch=i686&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-2:2.11.2-1.el9.i686", product: { name: "freerdp-libs-2:2.11.2-1.el9.i686", product_id: "freerdp-libs-2:2.11.2-1.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs@2.11.2-1.el9?arch=i686&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-2:2.11.2-1.el9.i686", product: { name: "libwinpr-2:2.11.2-1.el9.i686", product_id: "libwinpr-2:2.11.2-1.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr@2.11.2-1.el9?arch=i686&epoch=2", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "freerdp-devel-2:2.11.2-1.el9.x86_64", product: { name: "freerdp-devel-2:2.11.2-1.el9.x86_64", product_id: "freerdp-devel-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-devel@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-devel-2:2.11.2-1.el9.x86_64", product: { name: "libwinpr-devel-2:2.11.2-1.el9.x86_64", product_id: "libwinpr-devel-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-devel@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debugsource-2:2.11.2-1.el9.x86_64", product: { name: "freerdp-debugsource-2:2.11.2-1.el9.x86_64", product_id: "freerdp-debugsource-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debugsource@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debuginfo-2:2.11.2-1.el9.x86_64", product: { name: "freerdp-debuginfo-2:2.11.2-1.el9.x86_64", product_id: "freerdp-debuginfo-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debuginfo@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", product: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", product_id: "freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs-debuginfo@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", product: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", product_id: "libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-debuginfo@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-2:2.11.2-1.el9.x86_64", product: { name: "freerdp-2:2.11.2-1.el9.x86_64", product_id: "freerdp-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-2:2.11.2-1.el9.x86_64", product: { name: "freerdp-libs-2:2.11.2-1.el9.x86_64", product_id: "freerdp-libs-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-2:2.11.2-1.el9.x86_64", product: { name: "libwinpr-2:2.11.2-1.el9.x86_64", product_id: "libwinpr-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "freerdp-devel-2:2.11.2-1.el9.s390x", product: { name: "freerdp-devel-2:2.11.2-1.el9.s390x", product_id: "freerdp-devel-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-devel@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-devel-2:2.11.2-1.el9.s390x", product: { name: "libwinpr-devel-2:2.11.2-1.el9.s390x", product_id: "libwinpr-devel-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-devel@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debugsource-2:2.11.2-1.el9.s390x", product: { name: "freerdp-debugsource-2:2.11.2-1.el9.s390x", product_id: "freerdp-debugsource-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debugsource@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debuginfo-2:2.11.2-1.el9.s390x", product: { name: "freerdp-debuginfo-2:2.11.2-1.el9.s390x", product_id: "freerdp-debuginfo-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debuginfo@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", product: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", product_id: "freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs-debuginfo@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-debuginfo-2:2.11.2-1.el9.s390x", product: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.s390x", product_id: "libwinpr-debuginfo-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-debuginfo@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, { category: "product_version", name: "freerdp-2:2.11.2-1.el9.s390x", product: { name: "freerdp-2:2.11.2-1.el9.s390x", product_id: "freerdp-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-2:2.11.2-1.el9.s390x", product: { name: "freerdp-libs-2:2.11.2-1.el9.s390x", product_id: "freerdp-libs-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-2:2.11.2-1.el9.s390x", product: { name: "libwinpr-2:2.11.2-1.el9.s390x", product_id: "libwinpr-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "freerdp-2:2.11.2-1.el9.src", product: { name: "freerdp-2:2.11.2-1.el9.src", product_id: "freerdp-2:2.11.2-1.el9.src", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp@2.11.2-1.el9?arch=src&epoch=2", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", }, product_reference: "freerdp-2:2.11.2-1.el9.src", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.i686", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.i686", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.i686", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.i686", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", }, product_reference: "libwinpr-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", }, product_reference: "libwinpr-2:2.11.2-1.el9.i686", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", }, product_reference: "libwinpr-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", }, product_reference: "libwinpr-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", }, product_reference: "libwinpr-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.i686", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.i686", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.src as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", }, product_reference: "freerdp-2:2.11.2-1.el9.src", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.i686", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.i686", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.i686", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.i686", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", }, product_reference: "libwinpr-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", }, product_reference: "libwinpr-2:2.11.2-1.el9.i686", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", }, product_reference: "libwinpr-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", }, product_reference: "libwinpr-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", }, product_reference: "libwinpr-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.i686", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.i686", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, ], }, vulnerabilities: [ { cve: "CVE-2023-39350", cwe: { id: "CWE-191", name: "Integer Underflow (Wrap or Wraparound)", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236784", }, ], notes: [ { category: "description", text: "A flaw was found in FreeRDP. When an insufficient blockLen value is provided and proper length validation is not performed, an Integer Underflow can occur, leading to a Denial of Service (DOS).", title: "Vulnerability description", }, { category: "summary", text: "freerdp: Incorrect offset calculation leading to DOS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39350", }, { category: "external", summary: "RHBZ#2236784", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236784", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39350", url: "https://www.cve.org/CVERecord?id=CVE-2023-39350", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39350", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39350", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rrrv-3w42-pffh", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rrrv-3w42-pffh", }, ], release_date: "2023-08-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "freerdp: Incorrect offset calculation leading to DOS", }, { cve: "CVE-2023-39351", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236779", }, ], notes: [ { category: "description", text: "A flaw was found in FreeRDP. If the initialization process of tiles is incomplete, for various reasons, tiles will have a NULL pointer. This can be accessed in further processing, causing a program crash.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: Null Pointer Dereference leading DOS in RemoteFX", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39351", }, { category: "external", summary: "RHBZ#2236779", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236779", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39351", url: "https://www.cve.org/CVERecord?id=CVE-2023-39351", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39351", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39351", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q9x9-cqjc-rgwq", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q9x9-cqjc-rgwq", }, ], release_date: "2023-08-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "freerdp: Null Pointer Dereference leading DOS in RemoteFX", }, { cve: "CVE-2023-39352", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236766", }, ], notes: [ { category: "description", text: "A flaw was found in FreeRDP. An out-of-bounds write may occur when the values `rect->left` and `rect->top` are exactly equal to `surface->width` and `surface->height`. eg. `rect->left` == `surface->width` && `rect->top` == `surface->height`. This issue can result in a crash.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: invalid offset validation leading to Out Of Bound Write", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39352", }, { category: "external", summary: "RHBZ#2236766", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236766", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39352", url: "https://www.cve.org/CVERecord?id=CVE-2023-39352", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39352", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39352", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-whwr-qcf2-2mvj", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-whwr-qcf2-2mvj", }, ], release_date: "2023-08-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "freerdp: invalid offset validation leading to Out Of Bound Write", }, { cve: "CVE-2023-39353", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236763", }, ], notes: [ { category: "description", text: "A flaw was found in FreeRDP. In the `libfreerdp/codec/rfx.c` file, there is no offset validation in `tile->quantIdxY`, `tile->quantIdxCb`, and `tile->quantIdxCr`. As a result, crafted input can lead to an out-of-bounds read, which may result in a crash.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: missing offset validation leading to Out Of Bound Read", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39353", }, { category: "external", summary: "RHBZ#2236763", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236763", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39353", url: "https://www.cve.org/CVERecord?id=CVE-2023-39353", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39353", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39353", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hg53-9j9h-3c8f", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hg53-9j9h-3c8f", }, ], release_date: "2023-08-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "freerdp: missing offset validation leading to Out Of Bound Read", }, { cve: "CVE-2023-39354", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236774", }, ], notes: [ { category: "description", text: "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context->Planes` without checking if it contains data of sufficient length. Should an attacker be able to leverage this vulnerability they may be able to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: Out-Of-Bounds Read in nsc_rle_decompress_data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39354", }, { category: "external", summary: "RHBZ#2236774", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236774", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39354", url: "https://www.cve.org/CVERecord?id=CVE-2023-39354", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39354", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39354", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c3r2-pxxp-f8r6", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c3r2-pxxp-f8r6", }, ], release_date: "2023-08-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "freerdp: Out-Of-Bounds Read in nsc_rle_decompress_data", }, { cve: "CVE-2023-39356", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236759", }, ], notes: [ { category: "description", text: "A flaw was found in FreeRDP. Looping through `multi_opaque_rect->`numRectangles without proper boundary checks can lead to a heap-buffer-overflow, which may result in a crash.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: missing offset validation leading to Out-of-Bounds Read in gdi_multi_opaque_rect", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39356", }, { category: "external", summary: "RHBZ#2236759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39356", url: "https://www.cve.org/CVERecord?id=CVE-2023-39356", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39356", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39356", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5v5-qhj5-mh6m", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5v5-qhj5-mh6m", }, ], release_date: "2023-08-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "freerdp: missing offset validation leading to Out-of-Bounds Read in gdi_multi_opaque_rect", }, { cve: "CVE-2023-40181", cwe: { id: "CWE-191", name: "Integer Underflow (Wrap or Wraparound)", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236669", }, ], notes: [ { category: "description", text: "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: integer-Underflow leading to Out-Of-Bound Read in zgfx_decompress_segment", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-40181", }, { category: "external", summary: "RHBZ#2236669", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236669", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-40181", url: "https://www.cve.org/CVERecord?id=CVE-2023-40181", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-40181", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-40181", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxp4-rx7x-h2g8", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxp4-rx7x-h2g8", }, ], release_date: "2023-09-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "freerdp: integer-Underflow leading to Out-Of-Bound Read in zgfx_decompress_segment", }, { cve: "CVE-2023-40186", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236750", }, ], notes: [ { category: "description", text: "An integer overflow vulnerability was found in the `gdi_CreateSurface` function in FreeRDP, which may result in a crash.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: Integer overflow leading to out-of-bound write vulnerability in gdi_CreateSurface", title: "Vulnerability summary", }, { category: "other", text: "This issue affects FreeRDP based clients only. FreeRDP proxies are not affected as image decoding is not done by a proxy.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-40186", }, { category: "external", summary: "RHBZ#2236750", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236750", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-40186", url: "https://www.cve.org/CVERecord?id=CVE-2023-40186", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-40186", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-40186", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hcj4-3c3r-5j3v", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hcj4-3c3r-5j3v", }, ], release_date: "2023-09-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "freerdp: Integer overflow leading to out-of-bound write vulnerability in gdi_CreateSurface", }, { cve: "CVE-2023-40188", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236730", }, ], notes: [ { category: "description", text: "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_LumaToYUV444` function. This Out-Of-Bounds Read occurs because processing is done on the `in` variable without checking if it contains data of sufficient length. Insufficient data for the `in` variable may cause errors or crashes. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: Out-of-bounds read in general_LumaToYUV444", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-40188", }, { category: "external", summary: "RHBZ#2236730", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236730", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-40188", url: "https://www.cve.org/CVERecord?id=CVE-2023-40188", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-40188", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-40188", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9w28-wwj5-p4xq", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9w28-wwj5-p4xq", }, ], release_date: "2023-09-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "freerdp: Out-of-bounds read in general_LumaToYUV444", }, { cve: "CVE-2023-40567", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236656", }, ], notes: [ { category: "description", text: "A flaw was found in FreeRDP. Improper validation in the `clear_decompress_bands_data` function may allow for an out-of-bounds write, resulting in a crash.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: Out-of-bounds write in clear_decompress_bands_data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-40567", }, { category: "external", summary: "RHBZ#2236656", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236656", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-40567", url: "https://www.cve.org/CVERecord?id=CVE-2023-40567", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-40567", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-40567", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2w9f-8wg4-8jfp", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2w9f-8wg4-8jfp", }, ], release_date: "2023-09-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "freerdp: Out-of-bounds write in clear_decompress_bands_data", }, { cve: "CVE-2023-40569", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236650", }, ], notes: [ { category: "description", text: "A flaw was found in FreeRDP. Incorrect calculations in the `progressive_decompress` function may allow for a buffer overflow, resulting in a crash.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: Out-of-bounds write in the `progressive_decompress` function due to incorrect calculations", title: "Vulnerability summary", }, { category: "other", text: "Only FreeRDP based clients are affected. FreeRDP proxy is not affected as image decoding is not done by proxy.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-40569", }, { category: "external", summary: "RHBZ#2236650", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236650", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-40569", url: "https://www.cve.org/CVERecord?id=CVE-2023-40569", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-40569", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-40569", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hm8c-rcjg-c8qp", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hm8c-rcjg-c8qp", }, ], release_date: "2023-09-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "freerdp: Out-of-bounds write in the `progressive_decompress` function due to incorrect calculations", }, { cve: "CVE-2023-40589", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, discovery_date: "2023-08-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236606", }, ], notes: [ { category: "description", text: "A flaw was found in the FreeRDP implementation. Feeding crafted input into the ncrush_decompress function may cause a buffer overflow, resulting in a crash.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: buffer overflow in ncrush_decompress causes crash with crafted input", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-40589", }, { category: "external", summary: "RHBZ#2236606", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236606", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-40589", url: "https://www.cve.org/CVERecord?id=CVE-2023-40589", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-40589", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-40589", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/commit/16141a30f983dd6f7a6e5b0356084171942c9416", url: "https://github.com/FreeRDP/FreeRDP/commit/16141a30f983dd6f7a6e5b0356084171942c9416", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gc34-mw6m-g42x", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gc34-mw6m-g42x", }, ], release_date: "2023-08-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "freerdp: buffer overflow in ncrush_decompress causes crash with crafted input", }, ], }
rhsa-2024:2208
Vulnerability from csaf_redhat
Published
2024-04-30 10:33
Modified
2024-11-23 03:20
Summary
Red Hat Security Advisory: freerdp security update
Notes
Topic
An update for freerdp is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.
Security Fix(es):
* freerdp: Incorrect offset calculation leading to DOS (CVE-2023-39350)
* freerdp: Null Pointer Dereference leading DOS in RemoteFX (CVE-2023-39351)
* freerdp: invalid offset validation leading to Out Of Bound Write (CVE-2023-39352)
* freerdp: missing offset validation leading to Out-of-Bounds Read in gdi_multi_opaque_rect (CVE-2023-39356)
* freerdp: Integer overflow leading to out-of-bound write vulnerability in gdi_CreateSurface (CVE-2023-40186)
* freerdp: Out-of-bounds write in clear_decompress_bands_data (CVE-2023-40567)
* freerdp: Out-of-bounds write in the `progressive_decompress` function due to incorrect calculations (CVE-2023-40569)
* freerdp: buffer overflow in ncrush_decompress causes crash with crafted input (CVE-2023-40589)
* freerdp: missing offset validation leading to Out Of Bound Read (CVE-2023-39353)
* freerdp: Out-Of-Bounds Read in nsc_rle_decompress_data (CVE-2023-39354)
* freerdp: integer-Underflow leading to Out-Of-Bound Read in zgfx_decompress_segment (CVE-2023-40181)
* freerdp: Out-of-bounds read in general_LumaToYUV444 (CVE-2023-40188)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for freerdp is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.\n\nSecurity Fix(es):\n\n* freerdp: Incorrect offset calculation leading to DOS (CVE-2023-39350)\n\n* freerdp: Null Pointer Dereference leading DOS in RemoteFX (CVE-2023-39351)\n\n* freerdp: invalid offset validation leading to Out Of Bound Write (CVE-2023-39352)\n\n* freerdp: missing offset validation leading to Out-of-Bounds Read in gdi_multi_opaque_rect (CVE-2023-39356)\n\n* freerdp: Integer overflow leading to out-of-bound write vulnerability in gdi_CreateSurface (CVE-2023-40186)\n\n* freerdp: Out-of-bounds write in clear_decompress_bands_data (CVE-2023-40567)\n\n* freerdp: Out-of-bounds write in the `progressive_decompress` function due to incorrect calculations (CVE-2023-40569)\n\n* freerdp: buffer overflow in ncrush_decompress causes crash with crafted input (CVE-2023-40589)\n\n* freerdp: missing offset validation leading to Out Of Bound Read (CVE-2023-39353)\n\n* freerdp: Out-Of-Bounds Read in nsc_rle_decompress_data (CVE-2023-39354)\n\n* freerdp: integer-Underflow leading to Out-Of-Bound Read in zgfx_decompress_segment (CVE-2023-40181)\n\n* freerdp: Out-of-bounds read in general_LumaToYUV444 (CVE-2023-40188)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:2208", url: "https://access.redhat.com/errata/RHSA-2024:2208", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.4_release_notes/index", url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.4_release_notes/index", }, { category: "external", summary: "2236606", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236606", }, { category: "external", summary: "2236650", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236650", }, { category: "external", summary: "2236656", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236656", }, { category: "external", summary: "2236669", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236669", }, { category: "external", summary: "2236730", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236730", }, { category: "external", summary: "2236750", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236750", }, { category: "external", summary: "2236759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236759", }, { category: "external", summary: "2236763", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236763", }, { category: "external", summary: "2236766", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236766", }, { category: "external", summary: "2236774", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236774", }, { category: "external", summary: "2236779", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236779", }, { category: "external", summary: "2236784", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236784", }, { category: "external", summary: "RHEL-10060", url: "https://issues.redhat.com/browse/RHEL-10060", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2208.json", }, ], title: "Red Hat Security Advisory: freerdp security update", tracking: { current_release_date: "2024-11-23T03:20:51+00:00", generator: { date: "2024-11-23T03:20:51+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:2208", initial_release_date: "2024-04-30T10:33:17+00:00", revision_history: [ { date: "2024-04-30T10:33:17+00:00", number: "1", summary: "Initial version", }, { date: "2024-04-30T10:33:17+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-23T03:20:51+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 9)", product: { name: "Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:9::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux CRB (v. 9)", product: { name: "Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:9::crb", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "freerdp-devel-2:2.11.2-1.el9.aarch64", product: { name: "freerdp-devel-2:2.11.2-1.el9.aarch64", product_id: "freerdp-devel-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-devel@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-devel-2:2.11.2-1.el9.aarch64", product: { name: "libwinpr-devel-2:2.11.2-1.el9.aarch64", product_id: "libwinpr-devel-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-devel@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debugsource-2:2.11.2-1.el9.aarch64", product: { name: "freerdp-debugsource-2:2.11.2-1.el9.aarch64", product_id: "freerdp-debugsource-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debugsource@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debuginfo-2:2.11.2-1.el9.aarch64", product: { name: "freerdp-debuginfo-2:2.11.2-1.el9.aarch64", product_id: "freerdp-debuginfo-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debuginfo@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", product: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", product_id: "freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs-debuginfo@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", product: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", product_id: "libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-debuginfo@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-2:2.11.2-1.el9.aarch64", product: { name: "freerdp-2:2.11.2-1.el9.aarch64", product_id: "freerdp-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-2:2.11.2-1.el9.aarch64", product: { name: "freerdp-libs-2:2.11.2-1.el9.aarch64", product_id: "freerdp-libs-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-2:2.11.2-1.el9.aarch64", product: { name: "libwinpr-2:2.11.2-1.el9.aarch64", product_id: "libwinpr-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "freerdp-devel-2:2.11.2-1.el9.ppc64le", product: { name: "freerdp-devel-2:2.11.2-1.el9.ppc64le", product_id: "freerdp-devel-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-devel@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-devel-2:2.11.2-1.el9.ppc64le", product: { name: "libwinpr-devel-2:2.11.2-1.el9.ppc64le", product_id: "libwinpr-devel-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-devel@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debugsource-2:2.11.2-1.el9.ppc64le", product: { name: "freerdp-debugsource-2:2.11.2-1.el9.ppc64le", product_id: "freerdp-debugsource-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debugsource@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", product: { name: "freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", product_id: "freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debuginfo@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", product: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", product_id: "freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs-debuginfo@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", product: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", product_id: "libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-debuginfo@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, { category: "product_version", name: "freerdp-2:2.11.2-1.el9.ppc64le", product: { name: "freerdp-2:2.11.2-1.el9.ppc64le", product_id: "freerdp-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-2:2.11.2-1.el9.ppc64le", product: { name: "freerdp-libs-2:2.11.2-1.el9.ppc64le", product_id: "freerdp-libs-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-2:2.11.2-1.el9.ppc64le", product: { name: "libwinpr-2:2.11.2-1.el9.ppc64le", product_id: "libwinpr-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "freerdp-devel-2:2.11.2-1.el9.i686", product: { name: "freerdp-devel-2:2.11.2-1.el9.i686", product_id: "freerdp-devel-2:2.11.2-1.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-devel@2.11.2-1.el9?arch=i686&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-devel-2:2.11.2-1.el9.i686", product: { name: "libwinpr-devel-2:2.11.2-1.el9.i686", product_id: "libwinpr-devel-2:2.11.2-1.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-devel@2.11.2-1.el9?arch=i686&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debugsource-2:2.11.2-1.el9.i686", product: { name: "freerdp-debugsource-2:2.11.2-1.el9.i686", product_id: "freerdp-debugsource-2:2.11.2-1.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debugsource@2.11.2-1.el9?arch=i686&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debuginfo-2:2.11.2-1.el9.i686", product: { name: "freerdp-debuginfo-2:2.11.2-1.el9.i686", product_id: "freerdp-debuginfo-2:2.11.2-1.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debuginfo@2.11.2-1.el9?arch=i686&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", product: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", product_id: "freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs-debuginfo@2.11.2-1.el9?arch=i686&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-debuginfo-2:2.11.2-1.el9.i686", product: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.i686", product_id: "libwinpr-debuginfo-2:2.11.2-1.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-debuginfo@2.11.2-1.el9?arch=i686&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-2:2.11.2-1.el9.i686", product: { name: "freerdp-libs-2:2.11.2-1.el9.i686", product_id: "freerdp-libs-2:2.11.2-1.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs@2.11.2-1.el9?arch=i686&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-2:2.11.2-1.el9.i686", product: { name: "libwinpr-2:2.11.2-1.el9.i686", product_id: "libwinpr-2:2.11.2-1.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr@2.11.2-1.el9?arch=i686&epoch=2", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "freerdp-devel-2:2.11.2-1.el9.x86_64", product: { name: "freerdp-devel-2:2.11.2-1.el9.x86_64", product_id: "freerdp-devel-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-devel@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-devel-2:2.11.2-1.el9.x86_64", product: { name: "libwinpr-devel-2:2.11.2-1.el9.x86_64", product_id: "libwinpr-devel-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-devel@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debugsource-2:2.11.2-1.el9.x86_64", product: { name: "freerdp-debugsource-2:2.11.2-1.el9.x86_64", product_id: "freerdp-debugsource-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debugsource@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debuginfo-2:2.11.2-1.el9.x86_64", product: { name: "freerdp-debuginfo-2:2.11.2-1.el9.x86_64", product_id: "freerdp-debuginfo-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debuginfo@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", product: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", product_id: "freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs-debuginfo@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", product: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", product_id: "libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-debuginfo@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-2:2.11.2-1.el9.x86_64", product: { name: "freerdp-2:2.11.2-1.el9.x86_64", product_id: "freerdp-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-2:2.11.2-1.el9.x86_64", product: { name: "freerdp-libs-2:2.11.2-1.el9.x86_64", product_id: "freerdp-libs-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-2:2.11.2-1.el9.x86_64", product: { name: "libwinpr-2:2.11.2-1.el9.x86_64", product_id: "libwinpr-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "freerdp-devel-2:2.11.2-1.el9.s390x", product: { name: "freerdp-devel-2:2.11.2-1.el9.s390x", product_id: "freerdp-devel-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-devel@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-devel-2:2.11.2-1.el9.s390x", product: { name: "libwinpr-devel-2:2.11.2-1.el9.s390x", product_id: "libwinpr-devel-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-devel@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debugsource-2:2.11.2-1.el9.s390x", product: { name: "freerdp-debugsource-2:2.11.2-1.el9.s390x", product_id: "freerdp-debugsource-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debugsource@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debuginfo-2:2.11.2-1.el9.s390x", product: { name: "freerdp-debuginfo-2:2.11.2-1.el9.s390x", product_id: "freerdp-debuginfo-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debuginfo@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", product: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", product_id: "freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs-debuginfo@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-debuginfo-2:2.11.2-1.el9.s390x", product: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.s390x", product_id: "libwinpr-debuginfo-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-debuginfo@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, { category: "product_version", name: "freerdp-2:2.11.2-1.el9.s390x", product: { name: "freerdp-2:2.11.2-1.el9.s390x", product_id: "freerdp-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-2:2.11.2-1.el9.s390x", product: { name: "freerdp-libs-2:2.11.2-1.el9.s390x", product_id: "freerdp-libs-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-2:2.11.2-1.el9.s390x", product: { name: "libwinpr-2:2.11.2-1.el9.s390x", product_id: "libwinpr-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "freerdp-2:2.11.2-1.el9.src", product: { name: "freerdp-2:2.11.2-1.el9.src", product_id: "freerdp-2:2.11.2-1.el9.src", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp@2.11.2-1.el9?arch=src&epoch=2", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", }, product_reference: "freerdp-2:2.11.2-1.el9.src", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.i686", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.i686", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.i686", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.i686", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", }, product_reference: "libwinpr-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", }, product_reference: "libwinpr-2:2.11.2-1.el9.i686", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", }, product_reference: "libwinpr-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", }, product_reference: "libwinpr-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", }, product_reference: "libwinpr-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.i686", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.i686", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.src as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", }, product_reference: "freerdp-2:2.11.2-1.el9.src", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.i686", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.i686", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.i686", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.i686", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", }, product_reference: "libwinpr-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", }, product_reference: "libwinpr-2:2.11.2-1.el9.i686", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", }, product_reference: "libwinpr-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", }, product_reference: "libwinpr-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", }, product_reference: "libwinpr-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.i686", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.i686", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, ], }, vulnerabilities: [ { cve: "CVE-2023-39350", cwe: { id: "CWE-191", name: "Integer Underflow (Wrap or Wraparound)", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236784", }, ], notes: [ { category: "description", text: "A flaw was found in FreeRDP. When an insufficient blockLen value is provided and proper length validation is not performed, an Integer Underflow can occur, leading to a Denial of Service (DOS).", title: "Vulnerability description", }, { category: "summary", text: "freerdp: Incorrect offset calculation leading to DOS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39350", }, { category: "external", summary: "RHBZ#2236784", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236784", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39350", url: "https://www.cve.org/CVERecord?id=CVE-2023-39350", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39350", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39350", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rrrv-3w42-pffh", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rrrv-3w42-pffh", }, ], release_date: "2023-08-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "freerdp: Incorrect offset calculation leading to DOS", }, { cve: "CVE-2023-39351", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236779", }, ], notes: [ { category: "description", text: "A flaw was found in FreeRDP. If the initialization process of tiles is incomplete, for various reasons, tiles will have a NULL pointer. This can be accessed in further processing, causing a program crash.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: Null Pointer Dereference leading DOS in RemoteFX", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39351", }, { category: "external", summary: "RHBZ#2236779", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236779", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39351", url: "https://www.cve.org/CVERecord?id=CVE-2023-39351", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39351", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39351", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q9x9-cqjc-rgwq", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q9x9-cqjc-rgwq", }, ], release_date: "2023-08-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "freerdp: Null Pointer Dereference leading DOS in RemoteFX", }, { cve: "CVE-2023-39352", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236766", }, ], notes: [ { category: "description", text: "A flaw was found in FreeRDP. An out-of-bounds write may occur when the values `rect->left` and `rect->top` are exactly equal to `surface->width` and `surface->height`. eg. `rect->left` == `surface->width` && `rect->top` == `surface->height`. This issue can result in a crash.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: invalid offset validation leading to Out Of Bound Write", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39352", }, { category: "external", summary: "RHBZ#2236766", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236766", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39352", url: "https://www.cve.org/CVERecord?id=CVE-2023-39352", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39352", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39352", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-whwr-qcf2-2mvj", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-whwr-qcf2-2mvj", }, ], release_date: "2023-08-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "freerdp: invalid offset validation leading to Out Of Bound Write", }, { cve: "CVE-2023-39353", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236763", }, ], notes: [ { category: "description", text: "A flaw was found in FreeRDP. In the `libfreerdp/codec/rfx.c` file, there is no offset validation in `tile->quantIdxY`, `tile->quantIdxCb`, and `tile->quantIdxCr`. As a result, crafted input can lead to an out-of-bounds read, which may result in a crash.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: missing offset validation leading to Out Of Bound Read", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39353", }, { category: "external", summary: "RHBZ#2236763", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236763", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39353", url: "https://www.cve.org/CVERecord?id=CVE-2023-39353", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39353", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39353", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hg53-9j9h-3c8f", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hg53-9j9h-3c8f", }, ], release_date: "2023-08-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "freerdp: missing offset validation leading to Out Of Bound Read", }, { cve: "CVE-2023-39354", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236774", }, ], notes: [ { category: "description", text: "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context->Planes` without checking if it contains data of sufficient length. Should an attacker be able to leverage this vulnerability they may be able to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: Out-Of-Bounds Read in nsc_rle_decompress_data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39354", }, { category: "external", summary: "RHBZ#2236774", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236774", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39354", url: "https://www.cve.org/CVERecord?id=CVE-2023-39354", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39354", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39354", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c3r2-pxxp-f8r6", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c3r2-pxxp-f8r6", }, ], release_date: "2023-08-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "freerdp: Out-Of-Bounds Read in nsc_rle_decompress_data", }, { cve: "CVE-2023-39356", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236759", }, ], notes: [ { category: "description", text: "A flaw was found in FreeRDP. Looping through `multi_opaque_rect->`numRectangles without proper boundary checks can lead to a heap-buffer-overflow, which may result in a crash.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: missing offset validation leading to Out-of-Bounds Read in gdi_multi_opaque_rect", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39356", }, { category: "external", summary: "RHBZ#2236759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39356", url: "https://www.cve.org/CVERecord?id=CVE-2023-39356", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39356", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39356", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5v5-qhj5-mh6m", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5v5-qhj5-mh6m", }, ], release_date: "2023-08-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "freerdp: missing offset validation leading to Out-of-Bounds Read in gdi_multi_opaque_rect", }, { cve: "CVE-2023-40181", cwe: { id: "CWE-191", name: "Integer Underflow (Wrap or Wraparound)", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236669", }, ], notes: [ { category: "description", text: "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: integer-Underflow leading to Out-Of-Bound Read in zgfx_decompress_segment", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-40181", }, { category: "external", summary: "RHBZ#2236669", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236669", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-40181", url: "https://www.cve.org/CVERecord?id=CVE-2023-40181", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-40181", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-40181", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxp4-rx7x-h2g8", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxp4-rx7x-h2g8", }, ], release_date: "2023-09-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "freerdp: integer-Underflow leading to Out-Of-Bound Read in zgfx_decompress_segment", }, { cve: "CVE-2023-40186", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236750", }, ], notes: [ { category: "description", text: "An integer overflow vulnerability was found in the `gdi_CreateSurface` function in FreeRDP, which may result in a crash.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: Integer overflow leading to out-of-bound write vulnerability in gdi_CreateSurface", title: "Vulnerability summary", }, { category: "other", text: "This issue affects FreeRDP based clients only. FreeRDP proxies are not affected as image decoding is not done by a proxy.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-40186", }, { category: "external", summary: "RHBZ#2236750", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236750", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-40186", url: "https://www.cve.org/CVERecord?id=CVE-2023-40186", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-40186", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-40186", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hcj4-3c3r-5j3v", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hcj4-3c3r-5j3v", }, ], release_date: "2023-09-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "freerdp: Integer overflow leading to out-of-bound write vulnerability in gdi_CreateSurface", }, { cve: "CVE-2023-40188", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236730", }, ], notes: [ { category: "description", text: "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_LumaToYUV444` function. This Out-Of-Bounds Read occurs because processing is done on the `in` variable without checking if it contains data of sufficient length. Insufficient data for the `in` variable may cause errors or crashes. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: Out-of-bounds read in general_LumaToYUV444", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-40188", }, { category: "external", summary: "RHBZ#2236730", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236730", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-40188", url: "https://www.cve.org/CVERecord?id=CVE-2023-40188", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-40188", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-40188", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9w28-wwj5-p4xq", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9w28-wwj5-p4xq", }, ], release_date: "2023-09-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "freerdp: Out-of-bounds read in general_LumaToYUV444", }, { cve: "CVE-2023-40567", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236656", }, ], notes: [ { category: "description", text: "A flaw was found in FreeRDP. Improper validation in the `clear_decompress_bands_data` function may allow for an out-of-bounds write, resulting in a crash.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: Out-of-bounds write in clear_decompress_bands_data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-40567", }, { category: "external", summary: "RHBZ#2236656", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236656", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-40567", url: "https://www.cve.org/CVERecord?id=CVE-2023-40567", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-40567", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-40567", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2w9f-8wg4-8jfp", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2w9f-8wg4-8jfp", }, ], release_date: "2023-09-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "freerdp: Out-of-bounds write in clear_decompress_bands_data", }, { cve: "CVE-2023-40569", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236650", }, ], notes: [ { category: "description", text: "A flaw was found in FreeRDP. Incorrect calculations in the `progressive_decompress` function may allow for a buffer overflow, resulting in a crash.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: Out-of-bounds write in the `progressive_decompress` function due to incorrect calculations", title: "Vulnerability summary", }, { category: "other", text: "Only FreeRDP based clients are affected. FreeRDP proxy is not affected as image decoding is not done by proxy.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-40569", }, { category: "external", summary: "RHBZ#2236650", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236650", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-40569", url: "https://www.cve.org/CVERecord?id=CVE-2023-40569", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-40569", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-40569", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hm8c-rcjg-c8qp", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hm8c-rcjg-c8qp", }, ], release_date: "2023-09-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "freerdp: Out-of-bounds write in the `progressive_decompress` function due to incorrect calculations", }, { cve: "CVE-2023-40589", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, discovery_date: "2023-08-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236606", }, ], notes: [ { category: "description", text: "A flaw was found in the FreeRDP implementation. Feeding crafted input into the ncrush_decompress function may cause a buffer overflow, resulting in a crash.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: buffer overflow in ncrush_decompress causes crash with crafted input", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-40589", }, { category: "external", summary: "RHBZ#2236606", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236606", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-40589", url: "https://www.cve.org/CVERecord?id=CVE-2023-40589", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-40589", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-40589", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/commit/16141a30f983dd6f7a6e5b0356084171942c9416", url: "https://github.com/FreeRDP/FreeRDP/commit/16141a30f983dd6f7a6e5b0356084171942c9416", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gc34-mw6m-g42x", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gc34-mw6m-g42x", }, ], release_date: "2023-08-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "freerdp: buffer overflow in ncrush_decompress causes crash with crafted input", }, ], }
rhsa-2024_2208
Vulnerability from csaf_redhat
Published
2024-04-30 10:33
Modified
2024-11-23 03:20
Summary
Red Hat Security Advisory: freerdp security update
Notes
Topic
An update for freerdp is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.
Security Fix(es):
* freerdp: Incorrect offset calculation leading to DOS (CVE-2023-39350)
* freerdp: Null Pointer Dereference leading DOS in RemoteFX (CVE-2023-39351)
* freerdp: invalid offset validation leading to Out Of Bound Write (CVE-2023-39352)
* freerdp: missing offset validation leading to Out-of-Bounds Read in gdi_multi_opaque_rect (CVE-2023-39356)
* freerdp: Integer overflow leading to out-of-bound write vulnerability in gdi_CreateSurface (CVE-2023-40186)
* freerdp: Out-of-bounds write in clear_decompress_bands_data (CVE-2023-40567)
* freerdp: Out-of-bounds write in the `progressive_decompress` function due to incorrect calculations (CVE-2023-40569)
* freerdp: buffer overflow in ncrush_decompress causes crash with crafted input (CVE-2023-40589)
* freerdp: missing offset validation leading to Out Of Bound Read (CVE-2023-39353)
* freerdp: Out-Of-Bounds Read in nsc_rle_decompress_data (CVE-2023-39354)
* freerdp: integer-Underflow leading to Out-Of-Bound Read in zgfx_decompress_segment (CVE-2023-40181)
* freerdp: Out-of-bounds read in general_LumaToYUV444 (CVE-2023-40188)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for freerdp is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.\n\nSecurity Fix(es):\n\n* freerdp: Incorrect offset calculation leading to DOS (CVE-2023-39350)\n\n* freerdp: Null Pointer Dereference leading DOS in RemoteFX (CVE-2023-39351)\n\n* freerdp: invalid offset validation leading to Out Of Bound Write (CVE-2023-39352)\n\n* freerdp: missing offset validation leading to Out-of-Bounds Read in gdi_multi_opaque_rect (CVE-2023-39356)\n\n* freerdp: Integer overflow leading to out-of-bound write vulnerability in gdi_CreateSurface (CVE-2023-40186)\n\n* freerdp: Out-of-bounds write in clear_decompress_bands_data (CVE-2023-40567)\n\n* freerdp: Out-of-bounds write in the `progressive_decompress` function due to incorrect calculations (CVE-2023-40569)\n\n* freerdp: buffer overflow in ncrush_decompress causes crash with crafted input (CVE-2023-40589)\n\n* freerdp: missing offset validation leading to Out Of Bound Read (CVE-2023-39353)\n\n* freerdp: Out-Of-Bounds Read in nsc_rle_decompress_data (CVE-2023-39354)\n\n* freerdp: integer-Underflow leading to Out-Of-Bound Read in zgfx_decompress_segment (CVE-2023-40181)\n\n* freerdp: Out-of-bounds read in general_LumaToYUV444 (CVE-2023-40188)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:2208", url: "https://access.redhat.com/errata/RHSA-2024:2208", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.4_release_notes/index", url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.4_release_notes/index", }, { category: "external", summary: "2236606", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236606", }, { category: "external", summary: "2236650", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236650", }, { category: "external", summary: "2236656", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236656", }, { category: "external", summary: "2236669", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236669", }, { category: "external", summary: "2236730", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236730", }, { category: "external", summary: "2236750", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236750", }, { category: "external", summary: "2236759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236759", }, { category: "external", summary: "2236763", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236763", }, { category: "external", summary: "2236766", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236766", }, { category: "external", summary: "2236774", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236774", }, { category: "external", summary: "2236779", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236779", }, { category: "external", summary: "2236784", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236784", }, { category: "external", summary: "RHEL-10060", url: "https://issues.redhat.com/browse/RHEL-10060", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2208.json", }, ], title: "Red Hat Security Advisory: freerdp security update", tracking: { current_release_date: "2024-11-23T03:20:51+00:00", generator: { date: "2024-11-23T03:20:51+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:2208", initial_release_date: "2024-04-30T10:33:17+00:00", revision_history: [ { date: "2024-04-30T10:33:17+00:00", number: "1", summary: "Initial version", }, { date: "2024-04-30T10:33:17+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-23T03:20:51+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 9)", product: { name: "Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:9::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux CRB (v. 9)", product: { name: "Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:9::crb", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "freerdp-devel-2:2.11.2-1.el9.aarch64", product: { name: "freerdp-devel-2:2.11.2-1.el9.aarch64", product_id: "freerdp-devel-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-devel@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-devel-2:2.11.2-1.el9.aarch64", product: { name: "libwinpr-devel-2:2.11.2-1.el9.aarch64", product_id: "libwinpr-devel-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-devel@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debugsource-2:2.11.2-1.el9.aarch64", product: { name: "freerdp-debugsource-2:2.11.2-1.el9.aarch64", product_id: "freerdp-debugsource-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debugsource@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debuginfo-2:2.11.2-1.el9.aarch64", product: { name: "freerdp-debuginfo-2:2.11.2-1.el9.aarch64", product_id: "freerdp-debuginfo-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debuginfo@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", product: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", product_id: "freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs-debuginfo@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", product: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", product_id: "libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-debuginfo@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-2:2.11.2-1.el9.aarch64", product: { name: "freerdp-2:2.11.2-1.el9.aarch64", product_id: "freerdp-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-2:2.11.2-1.el9.aarch64", product: { name: "freerdp-libs-2:2.11.2-1.el9.aarch64", product_id: "freerdp-libs-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-2:2.11.2-1.el9.aarch64", product: { name: "libwinpr-2:2.11.2-1.el9.aarch64", product_id: "libwinpr-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "freerdp-devel-2:2.11.2-1.el9.ppc64le", product: { name: "freerdp-devel-2:2.11.2-1.el9.ppc64le", product_id: "freerdp-devel-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-devel@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-devel-2:2.11.2-1.el9.ppc64le", product: { name: "libwinpr-devel-2:2.11.2-1.el9.ppc64le", product_id: "libwinpr-devel-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-devel@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debugsource-2:2.11.2-1.el9.ppc64le", product: { name: "freerdp-debugsource-2:2.11.2-1.el9.ppc64le", product_id: "freerdp-debugsource-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debugsource@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", product: { name: "freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", product_id: "freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debuginfo@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", product: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", product_id: "freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs-debuginfo@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", product: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", product_id: "libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-debuginfo@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, { category: "product_version", name: "freerdp-2:2.11.2-1.el9.ppc64le", product: { name: "freerdp-2:2.11.2-1.el9.ppc64le", product_id: "freerdp-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-2:2.11.2-1.el9.ppc64le", product: { name: "freerdp-libs-2:2.11.2-1.el9.ppc64le", product_id: "freerdp-libs-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-2:2.11.2-1.el9.ppc64le", product: { name: "libwinpr-2:2.11.2-1.el9.ppc64le", product_id: "libwinpr-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "freerdp-devel-2:2.11.2-1.el9.i686", product: { name: "freerdp-devel-2:2.11.2-1.el9.i686", product_id: "freerdp-devel-2:2.11.2-1.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-devel@2.11.2-1.el9?arch=i686&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-devel-2:2.11.2-1.el9.i686", product: { name: "libwinpr-devel-2:2.11.2-1.el9.i686", product_id: "libwinpr-devel-2:2.11.2-1.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-devel@2.11.2-1.el9?arch=i686&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debugsource-2:2.11.2-1.el9.i686", product: { name: "freerdp-debugsource-2:2.11.2-1.el9.i686", product_id: "freerdp-debugsource-2:2.11.2-1.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debugsource@2.11.2-1.el9?arch=i686&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debuginfo-2:2.11.2-1.el9.i686", product: { name: "freerdp-debuginfo-2:2.11.2-1.el9.i686", product_id: "freerdp-debuginfo-2:2.11.2-1.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debuginfo@2.11.2-1.el9?arch=i686&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", product: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", product_id: "freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs-debuginfo@2.11.2-1.el9?arch=i686&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-debuginfo-2:2.11.2-1.el9.i686", product: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.i686", product_id: "libwinpr-debuginfo-2:2.11.2-1.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-debuginfo@2.11.2-1.el9?arch=i686&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-2:2.11.2-1.el9.i686", product: { name: "freerdp-libs-2:2.11.2-1.el9.i686", product_id: "freerdp-libs-2:2.11.2-1.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs@2.11.2-1.el9?arch=i686&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-2:2.11.2-1.el9.i686", product: { name: "libwinpr-2:2.11.2-1.el9.i686", product_id: "libwinpr-2:2.11.2-1.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr@2.11.2-1.el9?arch=i686&epoch=2", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "freerdp-devel-2:2.11.2-1.el9.x86_64", product: { name: "freerdp-devel-2:2.11.2-1.el9.x86_64", product_id: "freerdp-devel-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-devel@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-devel-2:2.11.2-1.el9.x86_64", product: { name: "libwinpr-devel-2:2.11.2-1.el9.x86_64", product_id: "libwinpr-devel-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-devel@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debugsource-2:2.11.2-1.el9.x86_64", product: { name: "freerdp-debugsource-2:2.11.2-1.el9.x86_64", product_id: "freerdp-debugsource-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debugsource@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debuginfo-2:2.11.2-1.el9.x86_64", product: { name: "freerdp-debuginfo-2:2.11.2-1.el9.x86_64", product_id: "freerdp-debuginfo-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debuginfo@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", product: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", product_id: "freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs-debuginfo@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", product: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", product_id: "libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-debuginfo@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-2:2.11.2-1.el9.x86_64", product: { name: "freerdp-2:2.11.2-1.el9.x86_64", product_id: "freerdp-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-2:2.11.2-1.el9.x86_64", product: { name: "freerdp-libs-2:2.11.2-1.el9.x86_64", product_id: "freerdp-libs-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-2:2.11.2-1.el9.x86_64", product: { name: "libwinpr-2:2.11.2-1.el9.x86_64", product_id: "libwinpr-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "freerdp-devel-2:2.11.2-1.el9.s390x", product: { name: "freerdp-devel-2:2.11.2-1.el9.s390x", product_id: "freerdp-devel-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-devel@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-devel-2:2.11.2-1.el9.s390x", product: { name: "libwinpr-devel-2:2.11.2-1.el9.s390x", product_id: "libwinpr-devel-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-devel@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debugsource-2:2.11.2-1.el9.s390x", product: { name: "freerdp-debugsource-2:2.11.2-1.el9.s390x", product_id: "freerdp-debugsource-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debugsource@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debuginfo-2:2.11.2-1.el9.s390x", product: { name: "freerdp-debuginfo-2:2.11.2-1.el9.s390x", product_id: "freerdp-debuginfo-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debuginfo@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", product: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", product_id: "freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs-debuginfo@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-debuginfo-2:2.11.2-1.el9.s390x", product: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.s390x", product_id: "libwinpr-debuginfo-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-debuginfo@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, { category: "product_version", name: "freerdp-2:2.11.2-1.el9.s390x", product: { name: "freerdp-2:2.11.2-1.el9.s390x", product_id: "freerdp-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-2:2.11.2-1.el9.s390x", product: { name: "freerdp-libs-2:2.11.2-1.el9.s390x", product_id: "freerdp-libs-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-2:2.11.2-1.el9.s390x", product: { name: "libwinpr-2:2.11.2-1.el9.s390x", product_id: "libwinpr-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "freerdp-2:2.11.2-1.el9.src", product: { name: "freerdp-2:2.11.2-1.el9.src", product_id: "freerdp-2:2.11.2-1.el9.src", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp@2.11.2-1.el9?arch=src&epoch=2", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", }, product_reference: "freerdp-2:2.11.2-1.el9.src", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.i686", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.i686", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.i686", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.i686", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", }, product_reference: "libwinpr-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", }, product_reference: "libwinpr-2:2.11.2-1.el9.i686", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", }, product_reference: "libwinpr-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", }, product_reference: "libwinpr-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", }, product_reference: "libwinpr-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.i686", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.i686", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.src as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", }, product_reference: "freerdp-2:2.11.2-1.el9.src", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.i686", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.i686", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.i686", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.i686", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", }, product_reference: "libwinpr-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", }, product_reference: "libwinpr-2:2.11.2-1.el9.i686", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", }, product_reference: "libwinpr-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", }, product_reference: "libwinpr-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", }, product_reference: "libwinpr-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.i686", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.i686", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, ], }, vulnerabilities: [ { cve: "CVE-2023-39350", cwe: { id: "CWE-191", name: "Integer Underflow (Wrap or Wraparound)", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236784", }, ], notes: [ { category: "description", text: "A flaw was found in FreeRDP. When an insufficient blockLen value is provided and proper length validation is not performed, an Integer Underflow can occur, leading to a Denial of Service (DOS).", title: "Vulnerability description", }, { category: "summary", text: "freerdp: Incorrect offset calculation leading to DOS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39350", }, { category: "external", summary: "RHBZ#2236784", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236784", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39350", url: "https://www.cve.org/CVERecord?id=CVE-2023-39350", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39350", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39350", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rrrv-3w42-pffh", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rrrv-3w42-pffh", }, ], release_date: "2023-08-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "freerdp: Incorrect offset calculation leading to DOS", }, { cve: "CVE-2023-39351", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236779", }, ], notes: [ { category: "description", text: "A flaw was found in FreeRDP. If the initialization process of tiles is incomplete, for various reasons, tiles will have a NULL pointer. This can be accessed in further processing, causing a program crash.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: Null Pointer Dereference leading DOS in RemoteFX", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39351", }, { category: "external", summary: "RHBZ#2236779", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236779", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39351", url: "https://www.cve.org/CVERecord?id=CVE-2023-39351", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39351", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39351", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q9x9-cqjc-rgwq", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q9x9-cqjc-rgwq", }, ], release_date: "2023-08-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "freerdp: Null Pointer Dereference leading DOS in RemoteFX", }, { cve: "CVE-2023-39352", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236766", }, ], notes: [ { category: "description", text: "A flaw was found in FreeRDP. An out-of-bounds write may occur when the values `rect->left` and `rect->top` are exactly equal to `surface->width` and `surface->height`. eg. `rect->left` == `surface->width` && `rect->top` == `surface->height`. This issue can result in a crash.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: invalid offset validation leading to Out Of Bound Write", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39352", }, { category: "external", summary: "RHBZ#2236766", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236766", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39352", url: "https://www.cve.org/CVERecord?id=CVE-2023-39352", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39352", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39352", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-whwr-qcf2-2mvj", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-whwr-qcf2-2mvj", }, ], release_date: "2023-08-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "freerdp: invalid offset validation leading to Out Of Bound Write", }, { cve: "CVE-2023-39353", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236763", }, ], notes: [ { category: "description", text: "A flaw was found in FreeRDP. In the `libfreerdp/codec/rfx.c` file, there is no offset validation in `tile->quantIdxY`, `tile->quantIdxCb`, and `tile->quantIdxCr`. As a result, crafted input can lead to an out-of-bounds read, which may result in a crash.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: missing offset validation leading to Out Of Bound Read", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39353", }, { category: "external", summary: "RHBZ#2236763", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236763", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39353", url: "https://www.cve.org/CVERecord?id=CVE-2023-39353", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39353", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39353", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hg53-9j9h-3c8f", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hg53-9j9h-3c8f", }, ], release_date: "2023-08-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "freerdp: missing offset validation leading to Out Of Bound Read", }, { cve: "CVE-2023-39354", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236774", }, ], notes: [ { category: "description", text: "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context->Planes` without checking if it contains data of sufficient length. Should an attacker be able to leverage this vulnerability they may be able to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: Out-Of-Bounds Read in nsc_rle_decompress_data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39354", }, { category: "external", summary: "RHBZ#2236774", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236774", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39354", url: "https://www.cve.org/CVERecord?id=CVE-2023-39354", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39354", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39354", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c3r2-pxxp-f8r6", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c3r2-pxxp-f8r6", }, ], release_date: "2023-08-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "freerdp: Out-Of-Bounds Read in nsc_rle_decompress_data", }, { cve: "CVE-2023-39356", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236759", }, ], notes: [ { category: "description", text: "A flaw was found in FreeRDP. Looping through `multi_opaque_rect->`numRectangles without proper boundary checks can lead to a heap-buffer-overflow, which may result in a crash.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: missing offset validation leading to Out-of-Bounds Read in gdi_multi_opaque_rect", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39356", }, { category: "external", summary: "RHBZ#2236759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39356", url: "https://www.cve.org/CVERecord?id=CVE-2023-39356", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39356", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39356", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5v5-qhj5-mh6m", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5v5-qhj5-mh6m", }, ], release_date: "2023-08-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "freerdp: missing offset validation leading to Out-of-Bounds Read in gdi_multi_opaque_rect", }, { cve: "CVE-2023-40181", cwe: { id: "CWE-191", name: "Integer Underflow (Wrap or Wraparound)", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236669", }, ], notes: [ { category: "description", text: "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: integer-Underflow leading to Out-Of-Bound Read in zgfx_decompress_segment", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-40181", }, { category: "external", summary: "RHBZ#2236669", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236669", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-40181", url: "https://www.cve.org/CVERecord?id=CVE-2023-40181", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-40181", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-40181", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxp4-rx7x-h2g8", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxp4-rx7x-h2g8", }, ], release_date: "2023-09-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "freerdp: integer-Underflow leading to Out-Of-Bound Read in zgfx_decompress_segment", }, { cve: "CVE-2023-40186", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236750", }, ], notes: [ { category: "description", text: "An integer overflow vulnerability was found in the `gdi_CreateSurface` function in FreeRDP, which may result in a crash.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: Integer overflow leading to out-of-bound write vulnerability in gdi_CreateSurface", title: "Vulnerability summary", }, { category: "other", text: "This issue affects FreeRDP based clients only. FreeRDP proxies are not affected as image decoding is not done by a proxy.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-40186", }, { category: "external", summary: "RHBZ#2236750", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236750", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-40186", url: "https://www.cve.org/CVERecord?id=CVE-2023-40186", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-40186", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-40186", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hcj4-3c3r-5j3v", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hcj4-3c3r-5j3v", }, ], release_date: "2023-09-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "freerdp: Integer overflow leading to out-of-bound write vulnerability in gdi_CreateSurface", }, { cve: "CVE-2023-40188", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236730", }, ], notes: [ { category: "description", text: "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_LumaToYUV444` function. This Out-Of-Bounds Read occurs because processing is done on the `in` variable without checking if it contains data of sufficient length. Insufficient data for the `in` variable may cause errors or crashes. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: Out-of-bounds read in general_LumaToYUV444", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-40188", }, { category: "external", summary: "RHBZ#2236730", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236730", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-40188", url: "https://www.cve.org/CVERecord?id=CVE-2023-40188", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-40188", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-40188", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9w28-wwj5-p4xq", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9w28-wwj5-p4xq", }, ], release_date: "2023-09-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "freerdp: Out-of-bounds read in general_LumaToYUV444", }, { cve: "CVE-2023-40567", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236656", }, ], notes: [ { category: "description", text: "A flaw was found in FreeRDP. Improper validation in the `clear_decompress_bands_data` function may allow for an out-of-bounds write, resulting in a crash.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: Out-of-bounds write in clear_decompress_bands_data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-40567", }, { category: "external", summary: "RHBZ#2236656", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236656", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-40567", url: "https://www.cve.org/CVERecord?id=CVE-2023-40567", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-40567", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-40567", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2w9f-8wg4-8jfp", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2w9f-8wg4-8jfp", }, ], release_date: "2023-09-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "freerdp: Out-of-bounds write in clear_decompress_bands_data", }, { cve: "CVE-2023-40569", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236650", }, ], notes: [ { category: "description", text: "A flaw was found in FreeRDP. Incorrect calculations in the `progressive_decompress` function may allow for a buffer overflow, resulting in a crash.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: Out-of-bounds write in the `progressive_decompress` function due to incorrect calculations", title: "Vulnerability summary", }, { category: "other", text: "Only FreeRDP based clients are affected. FreeRDP proxy is not affected as image decoding is not done by proxy.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-40569", }, { category: "external", summary: "RHBZ#2236650", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236650", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-40569", url: "https://www.cve.org/CVERecord?id=CVE-2023-40569", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-40569", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-40569", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hm8c-rcjg-c8qp", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hm8c-rcjg-c8qp", }, ], release_date: "2023-09-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "freerdp: Out-of-bounds write in the `progressive_decompress` function due to incorrect calculations", }, { cve: "CVE-2023-40589", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, discovery_date: "2023-08-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236606", }, ], notes: [ { category: "description", text: "A flaw was found in the FreeRDP implementation. Feeding crafted input into the ncrush_decompress function may cause a buffer overflow, resulting in a crash.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: buffer overflow in ncrush_decompress causes crash with crafted input", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-40589", }, { category: "external", summary: "RHBZ#2236606", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236606", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-40589", url: "https://www.cve.org/CVERecord?id=CVE-2023-40589", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-40589", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-40589", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/commit/16141a30f983dd6f7a6e5b0356084171942c9416", url: "https://github.com/FreeRDP/FreeRDP/commit/16141a30f983dd6f7a6e5b0356084171942c9416", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gc34-mw6m-g42x", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gc34-mw6m-g42x", }, ], release_date: "2023-08-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "freerdp: buffer overflow in ncrush_decompress causes crash with crafted input", }, ], }
fkie_cve-2023-40567
Vulnerability from fkie_nvd
Published
2023-08-31 22:15
Modified
2024-11-21 08:19
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse of this vulnerability may lead to an out of bounds write. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
freerdp | freerdp | * | |
freerdp | freerdp | 3.0.0 | |
freerdp | freerdp | 3.0.0 | |
debian | debian_linux | 10.0 | |
fedoraproject | fedora | 37 | |
fedoraproject | fedora | 38 | |
fedoraproject | fedora | 39 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*", matchCriteriaId: "80B02150-FC4E-43F5-A3DF-D8E585200977", versionEndExcluding: "2.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:freerdp:freerdp:3.0.0:beta1:*:*:*:*:*:*", matchCriteriaId: "D8720D61-0B0D-40ED-B3C4-B452D83BF3C2", vulnerable: true, }, { criteria: "cpe:2.3:a:freerdp:freerdp:3.0.0:beta2:*:*:*:*:*:*", matchCriteriaId: "18A75D02-0E7A-4AAF-8E23-0CDCB1733FEA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", matchCriteriaId: "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse of this vulnerability may lead to an out of bounds write. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability.", }, ], id: "CVE-2023-40567", lastModified: "2024-11-21T08:19:43.817", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 2.5, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-31T22:15:08.613", references: [ { source: "security-advisories@github.com", tags: [ "Issue Tracking", ], url: "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/clear.c#L612-L618", }, { source: "security-advisories@github.com", tags: [ "Issue Tracking", ], url: "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/clear.c#L843-L845", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2w9f-8wg4-8jfp", }, { source: "security-advisories@github.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html", }, { source: "security-advisories@github.com", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/", }, { source: "security-advisories@github.com", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/", }, { source: "security-advisories@github.com", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/", }, { source: "security-advisories@github.com", url: "https://security.gentoo.org/glsa/202401-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/clear.c#L612-L618", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/clear.c#L843-L845", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2w9f-8wg4-8jfp", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202401-16", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
gsd-2023-40567
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse of this vulnerability may lead to an out of bounds write. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability.
Aliases
Aliases
{ GSD: { alias: "CVE-2023-40567", id: "GSD-2023-40567", }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2023-40567", ], details: "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse of this vulnerability may lead to an out of bounds write. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability.", id: "GSD-2023-40567", modified: "2023-12-13T01:20:44.098529Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2023-40567", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "FreeRDP", version: { version_data: [ { version_affected: "=", version_value: "< 2.11.0", }, { version_affected: "=", version_value: ">= 3.0.0-beta1, < 3.0.0-beta3", }, ], }, }, ], }, vendor_name: "FreeRDP", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse of this vulnerability may lead to an out of bounds write. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability.", }, ], }, impact: { cvss: [ { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, ], }, problemtype: { problemtype_data: [ { description: [ { cweId: "CWE-787", lang: "eng", value: "CWE-787: Out-of-bounds Write", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2w9f-8wg4-8jfp", refsource: "MISC", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2w9f-8wg4-8jfp", }, { name: "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/clear.c#L612-L618", refsource: "MISC", url: "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/clear.c#L612-L618", }, { name: "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/clear.c#L843-L845", refsource: "MISC", url: "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/clear.c#L843-L845", }, { name: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/", refsource: "MISC", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/", }, { name: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/", refsource: "MISC", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/", }, { name: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/", refsource: "MISC", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/", }, { name: "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html", refsource: "MISC", url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html", }, { name: "https://security.gentoo.org/glsa/202401-16", refsource: "MISC", url: "https://security.gentoo.org/glsa/202401-16", }, ], }, source: { advisory: "GHSA-2w9f-8wg4-8jfp", discovery: "UNKNOWN", }, }, "nvd.nist.gov": { cve: { configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*", matchCriteriaId: "80B02150-FC4E-43F5-A3DF-D8E585200977", versionEndExcluding: "2.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:freerdp:freerdp:3.0.0:beta1:*:*:*:*:*:*", matchCriteriaId: "D8720D61-0B0D-40ED-B3C4-B452D83BF3C2", vulnerable: true, }, { criteria: "cpe:2.3:a:freerdp:freerdp:3.0.0:beta2:*:*:*:*:*:*", matchCriteriaId: "18A75D02-0E7A-4AAF-8E23-0CDCB1733FEA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", matchCriteriaId: "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], descriptions: [ { lang: "en", value: "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse of this vulnerability may lead to an out of bounds write. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability.", }, ], id: "CVE-2023-40567", lastModified: "2024-01-12T13:15:11.090", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 2.5, source: "security-advisories@github.com", type: "Secondary", }, ], }, published: "2023-08-31T22:15:08.613", references: [ { source: "security-advisories@github.com", tags: [ "Issue Tracking", ], url: "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/clear.c#L612-L618", }, { source: "security-advisories@github.com", tags: [ "Issue Tracking", ], url: "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/clear.c#L843-L845", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2w9f-8wg4-8jfp", }, { source: "security-advisories@github.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html", }, { source: "security-advisories@github.com", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/", }, { source: "security-advisories@github.com", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/", }, { source: "security-advisories@github.com", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/", }, { source: "security-advisories@github.com", url: "https://security.gentoo.org/glsa/202401-16", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }, }, }, }
WID-SEC-W-2023-2251
Vulnerability from csaf_certbund
Published
2023-09-03 22:00
Modified
2024-01-14 23:00
Summary
FreeRDP: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
FreeRDP ist eine freie Implementierung des Remote Desktop Protocol (RDP).
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in FreeRDP ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Windows
- Sonstiges
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "FreeRDP ist eine freie Implementierung des Remote Desktop Protocol (RDP).", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in FreeRDP ausnutzen, um einen Denial of Service Angriff durchzuführen.", title: "Angriff", }, { category: "general", text: "- Linux\n- MacOS X\n- Windows\n- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2251 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2251.json", }, { category: "self", summary: "WID-SEC-2023-2251 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2251", }, { category: "external", summary: "FreeRDP Security Release vom 2023-09-03", url: "https://www.freerdp.com/2023/08/31/3_0_0_beta3-release", }, { category: "external", summary: "PoC für CVE-2023-39350", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rrrv-3w42-pffh", }, { category: "external", summary: "PoC für CVE-2023-39352", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-whwr-qcf2-2mvj", }, { category: "external", summary: "PoC für CVE-2023-39355", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hvwj-vmg6-2f5h", }, { category: "external", summary: "PoC für CVE-2023-40181", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxp4-rx7x-h2g8", }, { category: "external", summary: "PoC für CVE-2023-40186", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hcj4-3c3r-5j3v", }, { category: "external", summary: "PoC für CVE-2023-40589", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gc34-mw6m-g42x", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-10E43BCEBB vom 2023-09-05", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-10e43bcebb", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-5E6796CB83 vom 2023-09-05", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-5e6796cb83", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-74108CA60D vom 2023-09-05", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-74108ca60d", }, { category: "external", summary: "Ubuntu Security Notice USN-6401-1 vom 2023-10-04", url: "https://ubuntu.com/security/notices/USN-6401-1", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS2-2023-2269 vom 2023-10-06", url: "https://alas.aws.amazon.com/AL2/ALAS-2023-2269.html", }, { category: "external", summary: "Debian Security Advisory DLA-3606 vom 2023-10-07", url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:4611-1 vom 2023-11-29", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-November/017261.html", }, { category: "external", summary: "Ubuntu Security Notice USN-6522-1 vom 2023-11-29", url: "https://ubuntu.com/security/notices/USN-6522-1", }, { category: "external", summary: "Ubuntu Security Notice USN-6522-2 vom 2023-12-07", url: "https://ubuntu.com/security/notices/USN-6522-2", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:4893-1 vom 2023-12-18", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017438.html", }, { category: "external", summary: "Gentoo Linux Security Advisory GLSA-202401-16 vom 2024-01-12", url: "https://security.gentoo.org/glsa/202401-16", }, ], source_lang: "en-US", title: "FreeRDP: Mehrere Schwachstellen", tracking: { current_release_date: "2024-01-14T23:00:00.000+00:00", generator: { date: "2024-08-15T17:57:59.011+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-2251", initial_release_date: "2023-09-03T22:00:00.000+00:00", revision_history: [ { date: "2023-09-03T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-09-04T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2023-10-04T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Ubuntu aufgenommen", }, { date: "2023-10-05T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2023-10-08T22:00:00.000+00:00", number: "5", summary: "Neue Updates von Debian aufgenommen", }, { date: "2023-11-29T23:00:00.000+00:00", number: "6", summary: "Neue Updates von SUSE und Ubuntu aufgenommen", }, { date: "2023-12-07T23:00:00.000+00:00", number: "7", summary: "Neue Updates von Ubuntu aufgenommen", }, { date: "2023-12-18T23:00:00.000+00:00", number: "8", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-01-14T23:00:00.000+00:00", number: "9", summary: "Neue Updates von Gentoo aufgenommen", }, ], status: "final", version: "9", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { category: "product_name", name: "Debian Linux", product: { name: "Debian Linux", product_id: "2951", product_identification_helper: { cpe: "cpe:/o:debian:debian_linux:-", }, }, }, ], category: "vendor", name: "Debian", }, { branches: [ { category: "product_name", name: "Fedora Linux", product: { name: "Fedora Linux", product_id: "74185", product_identification_helper: { cpe: "cpe:/o:fedoraproject:fedora:-", }, }, }, ], category: "vendor", name: "Fedora", }, { branches: [ { category: "product_name", name: "Gentoo Linux", product: { name: "Gentoo Linux", product_id: "T012167", product_identification_helper: { cpe: "cpe:/o:gentoo:linux:-", }, }, }, ], category: "vendor", name: "Gentoo", }, { branches: [ { branches: [ { category: "product_name", name: "Open Source FreeRDP < 3.0.0-beta3", product: { name: "Open Source FreeRDP < 3.0.0-beta3", product_id: "T029682", product_identification_helper: { cpe: "cpe:/a:freerdp:freerdp:3.0.0-beta3", }, }, }, { category: "product_name", name: "Open Source FreeRDP < 2.11.0-1.fc37", product: { name: "Open Source FreeRDP < 2.11.0-1.fc37", product_id: "T029698", product_identification_helper: { cpe: "cpe:/a:freerdp:freerdp:2.11.0-1.fc37", }, }, }, ], category: "product_name", name: "FreeRDP", }, ], category: "vendor", name: "Open Source", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, ], }, vulnerabilities: [ { cve: "CVE-2023-40589", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in FreeRDP. Diese Fehler existieren in RemoteFX, nsc_rle_decompress_data, RDPGFX_CMDID_RESETGRAPHICS, in gdi_multi_opaque_rect Komponenten unter anderem aufgrund einer falschen Offset-Berechnung, einer Null-Zeiger-Dereferenz, einem out of bound write, einem out of bound read, einem use-after-free und einem globalen Pufferüberlauf. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "398363", "T012167", "74185", ], }, release_date: "2023-09-03T22:00:00.000+00:00", title: "CVE-2023-40589", }, { cve: "CVE-2023-40576", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in FreeRDP. Diese Fehler existieren in RemoteFX, nsc_rle_decompress_data, RDPGFX_CMDID_RESETGRAPHICS, in gdi_multi_opaque_rect Komponenten unter anderem aufgrund einer falschen Offset-Berechnung, einer Null-Zeiger-Dereferenz, einem out of bound write, einem out of bound read, einem use-after-free und einem globalen Pufferüberlauf. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "398363", "T012167", "74185", ], }, release_date: "2023-09-03T22:00:00.000+00:00", title: "CVE-2023-40576", }, { cve: "CVE-2023-40575", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in FreeRDP. Diese Fehler existieren in RemoteFX, nsc_rle_decompress_data, RDPGFX_CMDID_RESETGRAPHICS, in gdi_multi_opaque_rect Komponenten unter anderem aufgrund einer falschen Offset-Berechnung, einer Null-Zeiger-Dereferenz, einem out of bound write, einem out of bound read, einem use-after-free und einem globalen Pufferüberlauf. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "398363", "T012167", "74185", ], }, release_date: "2023-09-03T22:00:00.000+00:00", title: "CVE-2023-40575", }, { cve: "CVE-2023-40574", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in FreeRDP. Diese Fehler existieren in RemoteFX, nsc_rle_decompress_data, RDPGFX_CMDID_RESETGRAPHICS, in gdi_multi_opaque_rect Komponenten unter anderem aufgrund einer falschen Offset-Berechnung, einer Null-Zeiger-Dereferenz, einem out of bound write, einem out of bound read, einem use-after-free und einem globalen Pufferüberlauf. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "398363", "T012167", "74185", ], }, release_date: "2023-09-03T22:00:00.000+00:00", title: "CVE-2023-40574", }, { cve: "CVE-2023-40569", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in FreeRDP. Diese Fehler existieren in RemoteFX, nsc_rle_decompress_data, RDPGFX_CMDID_RESETGRAPHICS, in gdi_multi_opaque_rect Komponenten unter anderem aufgrund einer falschen Offset-Berechnung, einer Null-Zeiger-Dereferenz, einem out of bound write, einem out of bound read, einem use-after-free und einem globalen Pufferüberlauf. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "398363", "T012167", "74185", ], }, release_date: "2023-09-03T22:00:00.000+00:00", title: "CVE-2023-40569", }, { cve: "CVE-2023-40567", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in FreeRDP. Diese Fehler existieren in RemoteFX, nsc_rle_decompress_data, RDPGFX_CMDID_RESETGRAPHICS, in gdi_multi_opaque_rect Komponenten unter anderem aufgrund einer falschen Offset-Berechnung, einer Null-Zeiger-Dereferenz, einem out of bound write, einem out of bound read, einem use-after-free und einem globalen Pufferüberlauf. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "398363", "T012167", "74185", ], }, release_date: "2023-09-03T22:00:00.000+00:00", title: "CVE-2023-40567", }, { cve: "CVE-2023-40188", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in FreeRDP. Diese Fehler existieren in RemoteFX, nsc_rle_decompress_data, RDPGFX_CMDID_RESETGRAPHICS, in gdi_multi_opaque_rect Komponenten unter anderem aufgrund einer falschen Offset-Berechnung, einer Null-Zeiger-Dereferenz, einem out of bound write, einem out of bound read, einem use-after-free und einem globalen Pufferüberlauf. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "398363", "T012167", "74185", ], }, release_date: "2023-09-03T22:00:00.000+00:00", title: "CVE-2023-40188", }, { cve: "CVE-2023-40187", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in FreeRDP. Diese Fehler existieren in RemoteFX, nsc_rle_decompress_data, RDPGFX_CMDID_RESETGRAPHICS, in gdi_multi_opaque_rect Komponenten unter anderem aufgrund einer falschen Offset-Berechnung, einer Null-Zeiger-Dereferenz, einem out of bound write, einem out of bound read, einem use-after-free und einem globalen Pufferüberlauf. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "398363", "T012167", "74185", ], }, release_date: "2023-09-03T22:00:00.000+00:00", title: "CVE-2023-40187", }, { cve: "CVE-2023-40186", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in FreeRDP. Diese Fehler existieren in RemoteFX, nsc_rle_decompress_data, RDPGFX_CMDID_RESETGRAPHICS, in gdi_multi_opaque_rect Komponenten unter anderem aufgrund einer falschen Offset-Berechnung, einer Null-Zeiger-Dereferenz, einem out of bound write, einem out of bound read, einem use-after-free und einem globalen Pufferüberlauf. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "398363", "T012167", "74185", ], }, release_date: "2023-09-03T22:00:00.000+00:00", title: "CVE-2023-40186", }, { cve: "CVE-2023-40181", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in FreeRDP. Diese Fehler existieren in RemoteFX, nsc_rle_decompress_data, RDPGFX_CMDID_RESETGRAPHICS, in gdi_multi_opaque_rect Komponenten unter anderem aufgrund einer falschen Offset-Berechnung, einer Null-Zeiger-Dereferenz, einem out of bound write, einem out of bound read, einem use-after-free und einem globalen Pufferüberlauf. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "398363", "T012167", "74185", ], }, release_date: "2023-09-03T22:00:00.000+00:00", title: "CVE-2023-40181", }, { cve: "CVE-2023-39356", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in FreeRDP. Diese Fehler existieren in RemoteFX, nsc_rle_decompress_data, RDPGFX_CMDID_RESETGRAPHICS, in gdi_multi_opaque_rect Komponenten unter anderem aufgrund einer falschen Offset-Berechnung, einer Null-Zeiger-Dereferenz, einem out of bound write, einem out of bound read, einem use-after-free und einem globalen Pufferüberlauf. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "398363", "T012167", "74185", ], }, release_date: "2023-09-03T22:00:00.000+00:00", title: "CVE-2023-39356", }, { cve: "CVE-2023-39355", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in FreeRDP. Diese Fehler existieren in RemoteFX, nsc_rle_decompress_data, RDPGFX_CMDID_RESETGRAPHICS, in gdi_multi_opaque_rect Komponenten unter anderem aufgrund einer falschen Offset-Berechnung, einer Null-Zeiger-Dereferenz, einem out of bound write, einem out of bound read, einem use-after-free und einem globalen Pufferüberlauf. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "398363", "T012167", "74185", ], }, release_date: "2023-09-03T22:00:00.000+00:00", title: "CVE-2023-39355", }, { cve: "CVE-2023-39354", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in FreeRDP. Diese Fehler existieren in RemoteFX, nsc_rle_decompress_data, RDPGFX_CMDID_RESETGRAPHICS, in gdi_multi_opaque_rect Komponenten unter anderem aufgrund einer falschen Offset-Berechnung, einer Null-Zeiger-Dereferenz, einem out of bound write, einem out of bound read, einem use-after-free und einem globalen Pufferüberlauf. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "398363", "T012167", "74185", ], }, release_date: "2023-09-03T22:00:00.000+00:00", title: "CVE-2023-39354", }, { cve: "CVE-2023-39353", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in FreeRDP. Diese Fehler existieren in RemoteFX, nsc_rle_decompress_data, RDPGFX_CMDID_RESETGRAPHICS, in gdi_multi_opaque_rect Komponenten unter anderem aufgrund einer falschen Offset-Berechnung, einer Null-Zeiger-Dereferenz, einem out of bound write, einem out of bound read, einem use-after-free und einem globalen Pufferüberlauf. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "398363", "T012167", "74185", ], }, release_date: "2023-09-03T22:00:00.000+00:00", title: "CVE-2023-39353", }, { cve: "CVE-2023-39352", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in FreeRDP. Diese Fehler existieren in RemoteFX, nsc_rle_decompress_data, RDPGFX_CMDID_RESETGRAPHICS, in gdi_multi_opaque_rect Komponenten unter anderem aufgrund einer falschen Offset-Berechnung, einer Null-Zeiger-Dereferenz, einem out of bound write, einem out of bound read, einem use-after-free und einem globalen Pufferüberlauf. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "398363", "T012167", "74185", ], }, release_date: "2023-09-03T22:00:00.000+00:00", title: "CVE-2023-39352", }, { cve: "CVE-2023-39351", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in FreeRDP. Diese Fehler existieren in RemoteFX, nsc_rle_decompress_data, RDPGFX_CMDID_RESETGRAPHICS, in gdi_multi_opaque_rect Komponenten unter anderem aufgrund einer falschen Offset-Berechnung, einer Null-Zeiger-Dereferenz, einem out of bound write, einem out of bound read, einem use-after-free und einem globalen Pufferüberlauf. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "398363", "T012167", "74185", ], }, release_date: "2023-09-03T22:00:00.000+00:00", title: "CVE-2023-39351", }, { cve: "CVE-2023-39350", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in FreeRDP. Diese Fehler existieren in RemoteFX, nsc_rle_decompress_data, RDPGFX_CMDID_RESETGRAPHICS, in gdi_multi_opaque_rect Komponenten unter anderem aufgrund einer falschen Offset-Berechnung, einer Null-Zeiger-Dereferenz, einem out of bound write, einem out of bound read, einem use-after-free und einem globalen Pufferüberlauf. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "398363", "T012167", "74185", ], }, release_date: "2023-09-03T22:00:00.000+00:00", title: "CVE-2023-39350", }, ], }
wid-sec-w-2023-2251
Vulnerability from csaf_certbund
Published
2023-09-03 22:00
Modified
2024-01-14 23:00
Summary
FreeRDP: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
FreeRDP ist eine freie Implementierung des Remote Desktop Protocol (RDP).
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in FreeRDP ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Windows
- Sonstiges
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "FreeRDP ist eine freie Implementierung des Remote Desktop Protocol (RDP).", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in FreeRDP ausnutzen, um einen Denial of Service Angriff durchzuführen.", title: "Angriff", }, { category: "general", text: "- Linux\n- MacOS X\n- Windows\n- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2251 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2251.json", }, { category: "self", summary: "WID-SEC-2023-2251 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2251", }, { category: "external", summary: "FreeRDP Security Release vom 2023-09-03", url: "https://www.freerdp.com/2023/08/31/3_0_0_beta3-release", }, { category: "external", summary: "PoC für CVE-2023-39350", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rrrv-3w42-pffh", }, { category: "external", summary: "PoC für CVE-2023-39352", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-whwr-qcf2-2mvj", }, { category: "external", summary: "PoC für CVE-2023-39355", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hvwj-vmg6-2f5h", }, { category: "external", summary: "PoC für CVE-2023-40181", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxp4-rx7x-h2g8", }, { category: "external", summary: "PoC für CVE-2023-40186", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hcj4-3c3r-5j3v", }, { category: "external", summary: "PoC für CVE-2023-40589", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gc34-mw6m-g42x", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-10E43BCEBB vom 2023-09-05", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-10e43bcebb", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-5E6796CB83 vom 2023-09-05", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-5e6796cb83", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-74108CA60D vom 2023-09-05", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-74108ca60d", }, { category: "external", summary: "Ubuntu Security Notice USN-6401-1 vom 2023-10-04", url: "https://ubuntu.com/security/notices/USN-6401-1", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS2-2023-2269 vom 2023-10-06", url: "https://alas.aws.amazon.com/AL2/ALAS-2023-2269.html", }, { category: "external", summary: "Debian Security Advisory DLA-3606 vom 2023-10-07", url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:4611-1 vom 2023-11-29", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-November/017261.html", }, { category: "external", summary: "Ubuntu Security Notice USN-6522-1 vom 2023-11-29", url: "https://ubuntu.com/security/notices/USN-6522-1", }, { category: "external", summary: "Ubuntu Security Notice USN-6522-2 vom 2023-12-07", url: "https://ubuntu.com/security/notices/USN-6522-2", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:4893-1 vom 2023-12-18", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017438.html", }, { category: "external", summary: "Gentoo Linux Security Advisory GLSA-202401-16 vom 2024-01-12", url: "https://security.gentoo.org/glsa/202401-16", }, ], source_lang: "en-US", title: "FreeRDP: Mehrere Schwachstellen", tracking: { current_release_date: "2024-01-14T23:00:00.000+00:00", generator: { date: "2024-08-15T17:57:59.011+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-2251", initial_release_date: "2023-09-03T22:00:00.000+00:00", revision_history: [ { date: "2023-09-03T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-09-04T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2023-10-04T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Ubuntu aufgenommen", }, { date: "2023-10-05T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2023-10-08T22:00:00.000+00:00", number: "5", summary: "Neue Updates von Debian aufgenommen", }, { date: "2023-11-29T23:00:00.000+00:00", number: "6", summary: "Neue Updates von SUSE und Ubuntu aufgenommen", }, { date: "2023-12-07T23:00:00.000+00:00", number: "7", summary: "Neue Updates von Ubuntu aufgenommen", }, { date: "2023-12-18T23:00:00.000+00:00", number: "8", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-01-14T23:00:00.000+00:00", number: "9", summary: "Neue Updates von Gentoo aufgenommen", }, ], status: "final", version: "9", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { category: "product_name", name: "Debian Linux", product: { name: "Debian Linux", product_id: "2951", product_identification_helper: { cpe: "cpe:/o:debian:debian_linux:-", }, }, }, ], category: "vendor", name: "Debian", }, { branches: [ { category: "product_name", name: "Fedora Linux", product: { name: "Fedora Linux", product_id: "74185", product_identification_helper: { cpe: "cpe:/o:fedoraproject:fedora:-", }, }, }, ], category: "vendor", name: "Fedora", }, { branches: [ { category: "product_name", name: "Gentoo Linux", product: { name: "Gentoo Linux", product_id: "T012167", product_identification_helper: { cpe: "cpe:/o:gentoo:linux:-", }, }, }, ], category: "vendor", name: "Gentoo", }, { branches: [ { branches: [ { category: "product_name", name: "Open Source FreeRDP < 3.0.0-beta3", product: { name: "Open Source FreeRDP < 3.0.0-beta3", product_id: "T029682", product_identification_helper: { cpe: "cpe:/a:freerdp:freerdp:3.0.0-beta3", }, }, }, { category: "product_name", name: "Open Source FreeRDP < 2.11.0-1.fc37", product: { name: "Open Source FreeRDP < 2.11.0-1.fc37", product_id: "T029698", product_identification_helper: { cpe: "cpe:/a:freerdp:freerdp:2.11.0-1.fc37", }, }, }, ], category: "product_name", name: "FreeRDP", }, ], category: "vendor", name: "Open Source", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, ], }, vulnerabilities: [ { cve: "CVE-2023-40589", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in FreeRDP. Diese Fehler existieren in RemoteFX, nsc_rle_decompress_data, RDPGFX_CMDID_RESETGRAPHICS, in gdi_multi_opaque_rect Komponenten unter anderem aufgrund einer falschen Offset-Berechnung, einer Null-Zeiger-Dereferenz, einem out of bound write, einem out of bound read, einem use-after-free und einem globalen Pufferüberlauf. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "398363", "T012167", "74185", ], }, release_date: "2023-09-03T22:00:00.000+00:00", title: "CVE-2023-40589", }, { cve: "CVE-2023-40576", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in FreeRDP. Diese Fehler existieren in RemoteFX, nsc_rle_decompress_data, RDPGFX_CMDID_RESETGRAPHICS, in gdi_multi_opaque_rect Komponenten unter anderem aufgrund einer falschen Offset-Berechnung, einer Null-Zeiger-Dereferenz, einem out of bound write, einem out of bound read, einem use-after-free und einem globalen Pufferüberlauf. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "398363", "T012167", "74185", ], }, release_date: "2023-09-03T22:00:00.000+00:00", title: "CVE-2023-40576", }, { cve: "CVE-2023-40575", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in FreeRDP. Diese Fehler existieren in RemoteFX, nsc_rle_decompress_data, RDPGFX_CMDID_RESETGRAPHICS, in gdi_multi_opaque_rect Komponenten unter anderem aufgrund einer falschen Offset-Berechnung, einer Null-Zeiger-Dereferenz, einem out of bound write, einem out of bound read, einem use-after-free und einem globalen Pufferüberlauf. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "398363", "T012167", "74185", ], }, release_date: "2023-09-03T22:00:00.000+00:00", title: "CVE-2023-40575", }, { cve: "CVE-2023-40574", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in FreeRDP. Diese Fehler existieren in RemoteFX, nsc_rle_decompress_data, RDPGFX_CMDID_RESETGRAPHICS, in gdi_multi_opaque_rect Komponenten unter anderem aufgrund einer falschen Offset-Berechnung, einer Null-Zeiger-Dereferenz, einem out of bound write, einem out of bound read, einem use-after-free und einem globalen Pufferüberlauf. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "398363", "T012167", "74185", ], }, release_date: "2023-09-03T22:00:00.000+00:00", title: "CVE-2023-40574", }, { cve: "CVE-2023-40569", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in FreeRDP. Diese Fehler existieren in RemoteFX, nsc_rle_decompress_data, RDPGFX_CMDID_RESETGRAPHICS, in gdi_multi_opaque_rect Komponenten unter anderem aufgrund einer falschen Offset-Berechnung, einer Null-Zeiger-Dereferenz, einem out of bound write, einem out of bound read, einem use-after-free und einem globalen Pufferüberlauf. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "398363", "T012167", "74185", ], }, release_date: "2023-09-03T22:00:00.000+00:00", title: "CVE-2023-40569", }, { cve: "CVE-2023-40567", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in FreeRDP. Diese Fehler existieren in RemoteFX, nsc_rle_decompress_data, RDPGFX_CMDID_RESETGRAPHICS, in gdi_multi_opaque_rect Komponenten unter anderem aufgrund einer falschen Offset-Berechnung, einer Null-Zeiger-Dereferenz, einem out of bound write, einem out of bound read, einem use-after-free und einem globalen Pufferüberlauf. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "398363", "T012167", "74185", ], }, release_date: "2023-09-03T22:00:00.000+00:00", title: "CVE-2023-40567", }, { cve: "CVE-2023-40188", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in FreeRDP. Diese Fehler existieren in RemoteFX, nsc_rle_decompress_data, RDPGFX_CMDID_RESETGRAPHICS, in gdi_multi_opaque_rect Komponenten unter anderem aufgrund einer falschen Offset-Berechnung, einer Null-Zeiger-Dereferenz, einem out of bound write, einem out of bound read, einem use-after-free und einem globalen Pufferüberlauf. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "398363", "T012167", "74185", ], }, release_date: "2023-09-03T22:00:00.000+00:00", title: "CVE-2023-40188", }, { cve: "CVE-2023-40187", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in FreeRDP. Diese Fehler existieren in RemoteFX, nsc_rle_decompress_data, RDPGFX_CMDID_RESETGRAPHICS, in gdi_multi_opaque_rect Komponenten unter anderem aufgrund einer falschen Offset-Berechnung, einer Null-Zeiger-Dereferenz, einem out of bound write, einem out of bound read, einem use-after-free und einem globalen Pufferüberlauf. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "398363", "T012167", "74185", ], }, release_date: "2023-09-03T22:00:00.000+00:00", title: "CVE-2023-40187", }, { cve: "CVE-2023-40186", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in FreeRDP. Diese Fehler existieren in RemoteFX, nsc_rle_decompress_data, RDPGFX_CMDID_RESETGRAPHICS, in gdi_multi_opaque_rect Komponenten unter anderem aufgrund einer falschen Offset-Berechnung, einer Null-Zeiger-Dereferenz, einem out of bound write, einem out of bound read, einem use-after-free und einem globalen Pufferüberlauf. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "398363", "T012167", "74185", ], }, release_date: "2023-09-03T22:00:00.000+00:00", title: "CVE-2023-40186", }, { cve: "CVE-2023-40181", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in FreeRDP. Diese Fehler existieren in RemoteFX, nsc_rle_decompress_data, RDPGFX_CMDID_RESETGRAPHICS, in gdi_multi_opaque_rect Komponenten unter anderem aufgrund einer falschen Offset-Berechnung, einer Null-Zeiger-Dereferenz, einem out of bound write, einem out of bound read, einem use-after-free und einem globalen Pufferüberlauf. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "398363", "T012167", "74185", ], }, release_date: "2023-09-03T22:00:00.000+00:00", title: "CVE-2023-40181", }, { cve: "CVE-2023-39356", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in FreeRDP. Diese Fehler existieren in RemoteFX, nsc_rle_decompress_data, RDPGFX_CMDID_RESETGRAPHICS, in gdi_multi_opaque_rect Komponenten unter anderem aufgrund einer falschen Offset-Berechnung, einer Null-Zeiger-Dereferenz, einem out of bound write, einem out of bound read, einem use-after-free und einem globalen Pufferüberlauf. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "398363", "T012167", "74185", ], }, release_date: "2023-09-03T22:00:00.000+00:00", title: "CVE-2023-39356", }, { cve: "CVE-2023-39355", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in FreeRDP. Diese Fehler existieren in RemoteFX, nsc_rle_decompress_data, RDPGFX_CMDID_RESETGRAPHICS, in gdi_multi_opaque_rect Komponenten unter anderem aufgrund einer falschen Offset-Berechnung, einer Null-Zeiger-Dereferenz, einem out of bound write, einem out of bound read, einem use-after-free und einem globalen Pufferüberlauf. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "398363", "T012167", "74185", ], }, release_date: "2023-09-03T22:00:00.000+00:00", title: "CVE-2023-39355", }, { cve: "CVE-2023-39354", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in FreeRDP. Diese Fehler existieren in RemoteFX, nsc_rle_decompress_data, RDPGFX_CMDID_RESETGRAPHICS, in gdi_multi_opaque_rect Komponenten unter anderem aufgrund einer falschen Offset-Berechnung, einer Null-Zeiger-Dereferenz, einem out of bound write, einem out of bound read, einem use-after-free und einem globalen Pufferüberlauf. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "398363", "T012167", "74185", ], }, release_date: "2023-09-03T22:00:00.000+00:00", title: "CVE-2023-39354", }, { cve: "CVE-2023-39353", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in FreeRDP. Diese Fehler existieren in RemoteFX, nsc_rle_decompress_data, RDPGFX_CMDID_RESETGRAPHICS, in gdi_multi_opaque_rect Komponenten unter anderem aufgrund einer falschen Offset-Berechnung, einer Null-Zeiger-Dereferenz, einem out of bound write, einem out of bound read, einem use-after-free und einem globalen Pufferüberlauf. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "398363", "T012167", "74185", ], }, release_date: "2023-09-03T22:00:00.000+00:00", title: "CVE-2023-39353", }, { cve: "CVE-2023-39352", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in FreeRDP. Diese Fehler existieren in RemoteFX, nsc_rle_decompress_data, RDPGFX_CMDID_RESETGRAPHICS, in gdi_multi_opaque_rect Komponenten unter anderem aufgrund einer falschen Offset-Berechnung, einer Null-Zeiger-Dereferenz, einem out of bound write, einem out of bound read, einem use-after-free und einem globalen Pufferüberlauf. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "398363", "T012167", "74185", ], }, release_date: "2023-09-03T22:00:00.000+00:00", title: "CVE-2023-39352", }, { cve: "CVE-2023-39351", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in FreeRDP. Diese Fehler existieren in RemoteFX, nsc_rle_decompress_data, RDPGFX_CMDID_RESETGRAPHICS, in gdi_multi_opaque_rect Komponenten unter anderem aufgrund einer falschen Offset-Berechnung, einer Null-Zeiger-Dereferenz, einem out of bound write, einem out of bound read, einem use-after-free und einem globalen Pufferüberlauf. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "398363", "T012167", "74185", ], }, release_date: "2023-09-03T22:00:00.000+00:00", title: "CVE-2023-39351", }, { cve: "CVE-2023-39350", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in FreeRDP. Diese Fehler existieren in RemoteFX, nsc_rle_decompress_data, RDPGFX_CMDID_RESETGRAPHICS, in gdi_multi_opaque_rect Komponenten unter anderem aufgrund einer falschen Offset-Berechnung, einer Null-Zeiger-Dereferenz, einem out of bound write, einem out of bound read, einem use-after-free und einem globalen Pufferüberlauf. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T000126", "398363", "T012167", "74185", ], }, release_date: "2023-09-03T22:00:00.000+00:00", title: "CVE-2023-39350", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.