What is CVE-2022-39320?

CVE-2022-39320 is a vulnerability in FreeRDP, a remote desktop protocol library and client, which can be exploited by a malicious server to read out-of-bounds data.

What is the severity of CVE-2022-39320?

The severity of CVE-2022-39320 is medium with a CVSS score of 4.6.

Which software versions are affected by CVE-2022-39320?

Versions up to and excluding 2.9.0 of FreeRDP, Fedora 36, and Fedora 37 are affected by CVE-2022-39320.

How can CVE-2022-39320 be exploited?

CVE-2022-39320 can be exploited by a malicious server tricking a FreeRDP-based client to read out-of-bounds data.

Are there any references for CVE-2022-39320?

Yes, you can find more information about CVE-2022-39320 at the following references: [1](https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qfq2-82qr-7f4j), [2](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/), [3](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/)

Vulnerability/
CVE-2022-39320

medium

5.5

CWE

125

16/11/2022

3/8/2024

CVE-2022-39320: Heap buffer overflow in urbdrc channel

First published: Wed Nov 16 2022(Updated: )

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP may attempt integer addition on too narrow types leads to allocation of a buffer too small holding the data written. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.

Credit: security-advisories@github.com security-advisories@github.com

Affected Software	Affected Version	How to fix
FreeRDP FreeRDP	<2.9.0
Fedoraproject Fedora	=36
Fedoraproject Fedora	=37

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-39320?
CVE-2022-39320 is a vulnerability in FreeRDP, a remote desktop protocol library and client, which can be exploited by a malicious server to read out-of-bounds data.
What is the severity of CVE-2022-39320?
The severity of CVE-2022-39320 is medium with a CVSS score of 4.6.
Which software versions are affected by CVE-2022-39320?
Versions up to and excluding 2.9.0 of FreeRDP, Fedora 36, and Fedora 37 are affected by CVE-2022-39320.
How can CVE-2022-39320 be exploited?
CVE-2022-39320 can be exploited by a malicious server tricking a FreeRDP-based client to read out-of-bounds data.
Are there any references for CVE-2022-39320?
Yes, you can find more information about CVE-2022-39320 at the following references: [1](https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qfq2-82qr-7f4j), [2](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/), [3](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/)

agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
agent/weakness
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/software-canonical-lookup
collector/nvd-index
vendor/freerdp
canonical/freerdp freerdp
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/36
version/fedoraproject fedora/37