RHSA-2024:2208
Vulnerability from csaf_redhat
Published
2024-04-30 10:33
Modified
2025-03-15 01:10
Summary
Red Hat Security Advisory: freerdp security update
Notes
Topic
An update for freerdp is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.
Security Fix(es):
* freerdp: Incorrect offset calculation leading to DOS (CVE-2023-39350)
* freerdp: Null Pointer Dereference leading DOS in RemoteFX (CVE-2023-39351)
* freerdp: invalid offset validation leading to Out Of Bound Write (CVE-2023-39352)
* freerdp: missing offset validation leading to Out-of-Bounds Read in gdi_multi_opaque_rect (CVE-2023-39356)
* freerdp: Integer overflow leading to out-of-bound write vulnerability in gdi_CreateSurface (CVE-2023-40186)
* freerdp: Out-of-bounds write in clear_decompress_bands_data (CVE-2023-40567)
* freerdp: Out-of-bounds write in the `progressive_decompress` function due to incorrect calculations (CVE-2023-40569)
* freerdp: buffer overflow in ncrush_decompress causes crash with crafted input (CVE-2023-40589)
* freerdp: missing offset validation leading to Out Of Bound Read (CVE-2023-39353)
* freerdp: Out-Of-Bounds Read in nsc_rle_decompress_data (CVE-2023-39354)
* freerdp: integer-Underflow leading to Out-Of-Bound Read in zgfx_decompress_segment (CVE-2023-40181)
* freerdp: Out-of-bounds read in general_LumaToYUV444 (CVE-2023-40188)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for freerdp is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.\n\nSecurity Fix(es):\n\n* freerdp: Incorrect offset calculation leading to DOS (CVE-2023-39350)\n\n* freerdp: Null Pointer Dereference leading DOS in RemoteFX (CVE-2023-39351)\n\n* freerdp: invalid offset validation leading to Out Of Bound Write (CVE-2023-39352)\n\n* freerdp: missing offset validation leading to Out-of-Bounds Read in gdi_multi_opaque_rect (CVE-2023-39356)\n\n* freerdp: Integer overflow leading to out-of-bound write vulnerability in gdi_CreateSurface (CVE-2023-40186)\n\n* freerdp: Out-of-bounds write in clear_decompress_bands_data (CVE-2023-40567)\n\n* freerdp: Out-of-bounds write in the `progressive_decompress` function due to incorrect calculations (CVE-2023-40569)\n\n* freerdp: buffer overflow in ncrush_decompress causes crash with crafted input (CVE-2023-40589)\n\n* freerdp: missing offset validation leading to Out Of Bound Read (CVE-2023-39353)\n\n* freerdp: Out-Of-Bounds Read in nsc_rle_decompress_data (CVE-2023-39354)\n\n* freerdp: integer-Underflow leading to Out-Of-Bound Read in zgfx_decompress_segment (CVE-2023-40181)\n\n* freerdp: Out-of-bounds read in general_LumaToYUV444 (CVE-2023-40188)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:2208", url: "https://access.redhat.com/errata/RHSA-2024:2208", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.4_release_notes/index", url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.4_release_notes/index", }, { category: "external", summary: "2236606", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236606", }, { category: "external", summary: "2236650", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236650", }, { category: "external", summary: "2236656", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236656", }, { category: "external", summary: "2236669", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236669", }, { category: "external", summary: "2236730", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236730", }, { category: "external", summary: "2236750", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236750", }, { category: "external", summary: "2236759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236759", }, { category: "external", summary: "2236763", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236763", }, { category: "external", summary: "2236766", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236766", }, { category: "external", summary: "2236774", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236774", }, { category: "external", summary: "2236779", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236779", }, { category: "external", summary: "2236784", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236784", }, { category: "external", summary: "RHEL-10060", url: "https://issues.redhat.com/browse/RHEL-10060", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2208.json", }, ], title: "Red Hat Security Advisory: freerdp security update", tracking: { current_release_date: "2025-03-15T01:10:45+00:00", generator: { date: "2025-03-15T01:10:45+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2024:2208", initial_release_date: "2024-04-30T10:33:17+00:00", revision_history: [ { date: "2024-04-30T10:33:17+00:00", number: "1", summary: "Initial version", }, { date: "2024-04-30T10:33:17+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T01:10:45+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 9)", product: { name: "Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:9::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux CRB (v. 9)", product: { name: "Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:9::crb", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "freerdp-devel-2:2.11.2-1.el9.aarch64", product: { name: "freerdp-devel-2:2.11.2-1.el9.aarch64", product_id: "freerdp-devel-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-devel@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-devel-2:2.11.2-1.el9.aarch64", product: { name: "libwinpr-devel-2:2.11.2-1.el9.aarch64", product_id: "libwinpr-devel-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-devel@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debugsource-2:2.11.2-1.el9.aarch64", product: { name: "freerdp-debugsource-2:2.11.2-1.el9.aarch64", product_id: "freerdp-debugsource-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debugsource@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debuginfo-2:2.11.2-1.el9.aarch64", product: { name: "freerdp-debuginfo-2:2.11.2-1.el9.aarch64", product_id: "freerdp-debuginfo-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debuginfo@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", product: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", product_id: "freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs-debuginfo@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", product: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", product_id: "libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-debuginfo@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-2:2.11.2-1.el9.aarch64", product: { name: "freerdp-2:2.11.2-1.el9.aarch64", product_id: "freerdp-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-2:2.11.2-1.el9.aarch64", product: { name: "freerdp-libs-2:2.11.2-1.el9.aarch64", product_id: "freerdp-libs-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-2:2.11.2-1.el9.aarch64", product: { name: "libwinpr-2:2.11.2-1.el9.aarch64", product_id: "libwinpr-2:2.11.2-1.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr@2.11.2-1.el9?arch=aarch64&epoch=2", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "freerdp-devel-2:2.11.2-1.el9.ppc64le", product: { name: "freerdp-devel-2:2.11.2-1.el9.ppc64le", product_id: "freerdp-devel-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-devel@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-devel-2:2.11.2-1.el9.ppc64le", product: { name: "libwinpr-devel-2:2.11.2-1.el9.ppc64le", product_id: "libwinpr-devel-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-devel@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debugsource-2:2.11.2-1.el9.ppc64le", product: { name: "freerdp-debugsource-2:2.11.2-1.el9.ppc64le", product_id: "freerdp-debugsource-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debugsource@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", product: { name: "freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", product_id: "freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debuginfo@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", product: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", product_id: "freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs-debuginfo@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", product: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", product_id: "libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-debuginfo@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, { category: "product_version", name: "freerdp-2:2.11.2-1.el9.ppc64le", product: { name: "freerdp-2:2.11.2-1.el9.ppc64le", product_id: "freerdp-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-2:2.11.2-1.el9.ppc64le", product: { name: "freerdp-libs-2:2.11.2-1.el9.ppc64le", product_id: "freerdp-libs-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-2:2.11.2-1.el9.ppc64le", product: { name: "libwinpr-2:2.11.2-1.el9.ppc64le", product_id: "libwinpr-2:2.11.2-1.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr@2.11.2-1.el9?arch=ppc64le&epoch=2", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "freerdp-devel-2:2.11.2-1.el9.i686", product: { name: "freerdp-devel-2:2.11.2-1.el9.i686", product_id: "freerdp-devel-2:2.11.2-1.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-devel@2.11.2-1.el9?arch=i686&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-devel-2:2.11.2-1.el9.i686", product: { name: "libwinpr-devel-2:2.11.2-1.el9.i686", product_id: "libwinpr-devel-2:2.11.2-1.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-devel@2.11.2-1.el9?arch=i686&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debugsource-2:2.11.2-1.el9.i686", product: { name: "freerdp-debugsource-2:2.11.2-1.el9.i686", product_id: "freerdp-debugsource-2:2.11.2-1.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debugsource@2.11.2-1.el9?arch=i686&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debuginfo-2:2.11.2-1.el9.i686", product: { name: "freerdp-debuginfo-2:2.11.2-1.el9.i686", product_id: "freerdp-debuginfo-2:2.11.2-1.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debuginfo@2.11.2-1.el9?arch=i686&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", product: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", product_id: "freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs-debuginfo@2.11.2-1.el9?arch=i686&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-debuginfo-2:2.11.2-1.el9.i686", product: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.i686", product_id: "libwinpr-debuginfo-2:2.11.2-1.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-debuginfo@2.11.2-1.el9?arch=i686&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-2:2.11.2-1.el9.i686", product: { name: "freerdp-libs-2:2.11.2-1.el9.i686", product_id: "freerdp-libs-2:2.11.2-1.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs@2.11.2-1.el9?arch=i686&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-2:2.11.2-1.el9.i686", product: { name: "libwinpr-2:2.11.2-1.el9.i686", product_id: "libwinpr-2:2.11.2-1.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr@2.11.2-1.el9?arch=i686&epoch=2", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "freerdp-devel-2:2.11.2-1.el9.x86_64", product: { name: "freerdp-devel-2:2.11.2-1.el9.x86_64", product_id: "freerdp-devel-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-devel@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-devel-2:2.11.2-1.el9.x86_64", product: { name: "libwinpr-devel-2:2.11.2-1.el9.x86_64", product_id: "libwinpr-devel-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-devel@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debugsource-2:2.11.2-1.el9.x86_64", product: { name: "freerdp-debugsource-2:2.11.2-1.el9.x86_64", product_id: "freerdp-debugsource-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debugsource@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debuginfo-2:2.11.2-1.el9.x86_64", product: { name: "freerdp-debuginfo-2:2.11.2-1.el9.x86_64", product_id: "freerdp-debuginfo-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debuginfo@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", product: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", product_id: "freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs-debuginfo@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", product: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", product_id: "libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-debuginfo@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-2:2.11.2-1.el9.x86_64", product: { name: "freerdp-2:2.11.2-1.el9.x86_64", product_id: "freerdp-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-2:2.11.2-1.el9.x86_64", product: { name: "freerdp-libs-2:2.11.2-1.el9.x86_64", product_id: "freerdp-libs-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-2:2.11.2-1.el9.x86_64", product: { name: "libwinpr-2:2.11.2-1.el9.x86_64", product_id: "libwinpr-2:2.11.2-1.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr@2.11.2-1.el9?arch=x86_64&epoch=2", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "freerdp-devel-2:2.11.2-1.el9.s390x", product: { name: "freerdp-devel-2:2.11.2-1.el9.s390x", product_id: "freerdp-devel-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-devel@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-devel-2:2.11.2-1.el9.s390x", product: { name: "libwinpr-devel-2:2.11.2-1.el9.s390x", product_id: "libwinpr-devel-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-devel@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debugsource-2:2.11.2-1.el9.s390x", product: { name: "freerdp-debugsource-2:2.11.2-1.el9.s390x", product_id: "freerdp-debugsource-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debugsource@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, { category: "product_version", name: "freerdp-debuginfo-2:2.11.2-1.el9.s390x", product: { name: "freerdp-debuginfo-2:2.11.2-1.el9.s390x", product_id: "freerdp-debuginfo-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-debuginfo@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", product: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", product_id: "freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs-debuginfo@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-debuginfo-2:2.11.2-1.el9.s390x", product: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.s390x", product_id: "libwinpr-debuginfo-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr-debuginfo@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, { category: "product_version", name: "freerdp-2:2.11.2-1.el9.s390x", product: { name: "freerdp-2:2.11.2-1.el9.s390x", product_id: "freerdp-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, { category: "product_version", name: "freerdp-libs-2:2.11.2-1.el9.s390x", product: { name: "freerdp-libs-2:2.11.2-1.el9.s390x", product_id: "freerdp-libs-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp-libs@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, { category: "product_version", name: "libwinpr-2:2.11.2-1.el9.s390x", product: { name: "libwinpr-2:2.11.2-1.el9.s390x", product_id: "libwinpr-2:2.11.2-1.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libwinpr@2.11.2-1.el9?arch=s390x&epoch=2", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "freerdp-2:2.11.2-1.el9.src", product: { name: "freerdp-2:2.11.2-1.el9.src", product_id: "freerdp-2:2.11.2-1.el9.src", product_identification_helper: { purl: "pkg:rpm/redhat/freerdp@2.11.2-1.el9?arch=src&epoch=2", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", }, product_reference: "freerdp-2:2.11.2-1.el9.src", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.i686", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.i686", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.i686", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.i686", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", }, product_reference: "libwinpr-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", }, product_reference: "libwinpr-2:2.11.2-1.el9.i686", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", }, product_reference: "libwinpr-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", }, product_reference: "libwinpr-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", }, product_reference: "libwinpr-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.i686", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.i686", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.s390x", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "AppStream-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.src as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", }, product_reference: "freerdp-2:2.11.2-1.el9.src", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.i686", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debuginfo-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-debuginfo-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.i686", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-debugsource-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-debugsource-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.i686", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-devel-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.i686", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-libs-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", }, product_reference: "freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", }, product_reference: "libwinpr-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", }, product_reference: "libwinpr-2:2.11.2-1.el9.i686", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", }, product_reference: "libwinpr-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", }, product_reference: "libwinpr-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", }, product_reference: "libwinpr-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.i686", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-debuginfo-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", }, product_reference: "libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.aarch64", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.i686", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.ppc64le", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.s390x", relates_to_product_reference: "CRB-9.4.0.GA", }, { category: "default_component_of", full_product_name: { name: "libwinpr-devel-2:2.11.2-1.el9.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)", product_id: "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", }, product_reference: "libwinpr-devel-2:2.11.2-1.el9.x86_64", relates_to_product_reference: "CRB-9.4.0.GA", }, ], }, vulnerabilities: [ { cve: "CVE-2023-39350", cwe: { id: "CWE-191", name: "Integer Underflow (Wrap or Wraparound)", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236784", }, ], notes: [ { category: "description", text: "A flaw was found in FreeRDP. When an insufficient blockLen value is provided and proper length validation is not performed, an Integer Underflow can occur, leading to a Denial of Service (DOS).", title: "Vulnerability description", }, { category: "summary", text: "freerdp: Incorrect offset calculation leading to DOS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39350", }, { category: "external", summary: "RHBZ#2236784", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236784", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39350", url: "https://www.cve.org/CVERecord?id=CVE-2023-39350", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39350", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39350", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rrrv-3w42-pffh", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rrrv-3w42-pffh", }, ], release_date: "2023-08-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "freerdp: Incorrect offset calculation leading to DOS", }, { cve: "CVE-2023-39351", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236779", }, ], notes: [ { category: "description", text: "A flaw was found in FreeRDP. If the initialization process of tiles is incomplete, for various reasons, tiles will have a NULL pointer. This can be accessed in further processing, causing a program crash.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: Null Pointer Dereference leading DOS in RemoteFX", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39351", }, { category: "external", summary: "RHBZ#2236779", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236779", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39351", url: "https://www.cve.org/CVERecord?id=CVE-2023-39351", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39351", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39351", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q9x9-cqjc-rgwq", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q9x9-cqjc-rgwq", }, ], release_date: "2023-08-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "freerdp: Null Pointer Dereference leading DOS in RemoteFX", }, { cve: "CVE-2023-39352", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236766", }, ], notes: [ { category: "description", text: "A flaw was found in FreeRDP. An out-of-bounds write may occur when the values `rect->left` and `rect->top` are exactly equal to `surface->width` and `surface->height`. eg. `rect->left` == `surface->width` && `rect->top` == `surface->height`. This issue can result in a crash.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: invalid offset validation leading to Out Of Bound Write", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39352", }, { category: "external", summary: "RHBZ#2236766", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236766", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39352", url: "https://www.cve.org/CVERecord?id=CVE-2023-39352", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39352", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39352", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-whwr-qcf2-2mvj", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-whwr-qcf2-2mvj", }, ], release_date: "2023-08-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "freerdp: invalid offset validation leading to Out Of Bound Write", }, { cve: "CVE-2023-39353", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236763", }, ], notes: [ { category: "description", text: "A flaw was found in FreeRDP. In the `libfreerdp/codec/rfx.c` file, there is no offset validation in `tile->quantIdxY`, `tile->quantIdxCb`, and `tile->quantIdxCr`. As a result, crafted input can lead to an out-of-bounds read, which may result in a crash.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: missing offset validation leading to Out Of Bound Read", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39353", }, { category: "external", summary: "RHBZ#2236763", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236763", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39353", url: "https://www.cve.org/CVERecord?id=CVE-2023-39353", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39353", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39353", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hg53-9j9h-3c8f", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hg53-9j9h-3c8f", }, ], release_date: "2023-08-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "freerdp: missing offset validation leading to Out Of Bound Read", }, { cve: "CVE-2023-39354", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236774", }, ], notes: [ { category: "description", text: "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context->Planes` without checking if it contains data of sufficient length. Should an attacker be able to leverage this vulnerability they may be able to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: Out-Of-Bounds Read in nsc_rle_decompress_data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39354", }, { category: "external", summary: "RHBZ#2236774", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236774", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39354", url: "https://www.cve.org/CVERecord?id=CVE-2023-39354", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39354", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39354", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c3r2-pxxp-f8r6", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c3r2-pxxp-f8r6", }, ], release_date: "2023-08-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "freerdp: Out-Of-Bounds Read in nsc_rle_decompress_data", }, { cve: "CVE-2023-39356", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236759", }, ], notes: [ { category: "description", text: "A flaw was found in FreeRDP. Looping through `multi_opaque_rect->`numRectangles without proper boundary checks can lead to a heap-buffer-overflow, which may result in a crash.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: missing offset validation leading to Out-of-Bounds Read in gdi_multi_opaque_rect", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39356", }, { category: "external", summary: "RHBZ#2236759", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236759", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39356", url: "https://www.cve.org/CVERecord?id=CVE-2023-39356", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39356", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39356", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5v5-qhj5-mh6m", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5v5-qhj5-mh6m", }, ], release_date: "2023-08-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "freerdp: missing offset validation leading to Out-of-Bounds Read in gdi_multi_opaque_rect", }, { cve: "CVE-2023-40181", cwe: { id: "CWE-191", name: "Integer Underflow (Wrap or Wraparound)", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236669", }, ], notes: [ { category: "description", text: "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: integer-Underflow leading to Out-Of-Bound Read in zgfx_decompress_segment", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-40181", }, { category: "external", summary: "RHBZ#2236669", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236669", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-40181", url: "https://www.cve.org/CVERecord?id=CVE-2023-40181", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-40181", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-40181", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxp4-rx7x-h2g8", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxp4-rx7x-h2g8", }, ], release_date: "2023-09-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "freerdp: integer-Underflow leading to Out-Of-Bound Read in zgfx_decompress_segment", }, { cve: "CVE-2023-40186", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236750", }, ], notes: [ { category: "description", text: "An integer overflow vulnerability was found in the `gdi_CreateSurface` function in FreeRDP, which may result in a crash.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: Integer overflow leading to out-of-bound write vulnerability in gdi_CreateSurface", title: "Vulnerability summary", }, { category: "other", text: "This issue affects FreeRDP based clients only. FreeRDP proxies are not affected as image decoding is not done by a proxy.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-40186", }, { category: "external", summary: "RHBZ#2236750", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236750", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-40186", url: "https://www.cve.org/CVERecord?id=CVE-2023-40186", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-40186", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-40186", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hcj4-3c3r-5j3v", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hcj4-3c3r-5j3v", }, ], release_date: "2023-09-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "freerdp: Integer overflow leading to out-of-bound write vulnerability in gdi_CreateSurface", }, { cve: "CVE-2023-40188", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236730", }, ], notes: [ { category: "description", text: "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_LumaToYUV444` function. This Out-Of-Bounds Read occurs because processing is done on the `in` variable without checking if it contains data of sufficient length. Insufficient data for the `in` variable may cause errors or crashes. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: Out-of-bounds read in general_LumaToYUV444", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-40188", }, { category: "external", summary: "RHBZ#2236730", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236730", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-40188", url: "https://www.cve.org/CVERecord?id=CVE-2023-40188", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-40188", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-40188", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9w28-wwj5-p4xq", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9w28-wwj5-p4xq", }, ], release_date: "2023-09-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "freerdp: Out-of-bounds read in general_LumaToYUV444", }, { cve: "CVE-2023-40567", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236656", }, ], notes: [ { category: "description", text: "A flaw was found in FreeRDP. Improper validation in the `clear_decompress_bands_data` function may allow for an out-of-bounds write, resulting in a crash.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: Out-of-bounds write in clear_decompress_bands_data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-40567", }, { category: "external", summary: "RHBZ#2236656", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236656", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-40567", url: "https://www.cve.org/CVERecord?id=CVE-2023-40567", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-40567", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-40567", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2w9f-8wg4-8jfp", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2w9f-8wg4-8jfp", }, ], release_date: "2023-09-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "freerdp: Out-of-bounds write in clear_decompress_bands_data", }, { cve: "CVE-2023-40569", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2023-09-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236650", }, ], notes: [ { category: "description", text: "A flaw was found in FreeRDP. Incorrect calculations in the `progressive_decompress` function may allow for a buffer overflow, resulting in a crash.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: Out-of-bounds write in the `progressive_decompress` function due to incorrect calculations", title: "Vulnerability summary", }, { category: "other", text: "Only FreeRDP based clients are affected. FreeRDP proxy is not affected as image decoding is not done by proxy.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-40569", }, { category: "external", summary: "RHBZ#2236650", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236650", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-40569", url: "https://www.cve.org/CVERecord?id=CVE-2023-40569", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-40569", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-40569", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hm8c-rcjg-c8qp", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hm8c-rcjg-c8qp", }, ], release_date: "2023-09-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "freerdp: Out-of-bounds write in the `progressive_decompress` function due to incorrect calculations", }, { cve: "CVE-2023-40589", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, discovery_date: "2023-08-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236606", }, ], notes: [ { category: "description", text: "A flaw was found in the FreeRDP implementation. Feeding crafted input into the ncrush_decompress function may cause a buffer overflow, resulting in a crash.", title: "Vulnerability description", }, { category: "summary", text: "freerdp: buffer overflow in ncrush_decompress causes crash with crafted input", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-40589", }, { category: "external", summary: "RHBZ#2236606", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236606", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-40589", url: "https://www.cve.org/CVERecord?id=CVE-2023-40589", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-40589", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-40589", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/commit/16141a30f983dd6f7a6e5b0356084171942c9416", url: "https://github.com/FreeRDP/FreeRDP/commit/16141a30f983dd6f7a6e5b0356084171942c9416", }, { category: "external", summary: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gc34-mw6m-g42x", url: "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gc34-mw6m-g42x", }, ], release_date: "2023-08-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-30T10:33:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "AppStream-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "AppStream-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.src", "CRB-9.4.0.GA:freerdp-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-debugsource-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-devel-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:freerdp-libs-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-debuginfo-2:2.11.2-1.el9.x86_64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.aarch64", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.i686", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.ppc64le", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.s390x", "CRB-9.4.0.GA:libwinpr-devel-2:2.11.2-1.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "freerdp: buffer overflow in ncrush_decompress causes crash with crafted input", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.