8.8
CWE
787
Advisory Published
Updated

CVE-2021-41160: Improper region checks in FreeRDP allow out of bound write to memory

First published: Thu Oct 21 2021(Updated: )

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1.

Credit: security-advisories@github.com security-advisories@github.com

Affected SoftwareAffected VersionHow to fix
FreeRDP FreeRDP<2.4.1
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Fedoraproject Fedora=35
<2.4.1
=33
=34
=35

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2021-41160?

    CVE-2021-41160 is a vulnerability in FreeRDP, a free implementation of the Remote Desktop Protocol (RDP), that can be triggered by a malicious server causing out of bound writes in a connected client.

  • How does CVE-2021-41160 affect FreeRDP?

    CVE-2021-41160 affects FreeRDP versions up to and exclusive of 2.4.1.

  • What is the severity of CVE-2021-41160?

    CVE-2021-41160 has a severity rating of 8.8 (high).

  • How can CVE-2021-41160 be exploited?

    CVE-2021-41160 can be exploited by a malicious server sending specific graphics updates to a connected client.

  • How can I fix CVE-2021-41160?

    To fix CVE-2021-41160, users should update to a version of FreeRDP that is greater than or equal to 2.4.1.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203