CVE-2022-39347: Missing path sanitation with `drive` channel in FreeRDP
First published: Wed Nov 16 2022(Updated: )
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for `drive` channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/drive`, `/drives` or `+home-drive` redirection switch.
Credit: security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FreeRDP FreeRDP | <2.9.0 | |
| Fedoraproject Fedora | =36 | |
| Fedoraproject Fedora | =37 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c5xq-8v35-pffg
- https://github.com/FreeRDP/FreeRDP/commit/027424c2c6c0991cb9c22f9511478229c9b17e5d
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/
- https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html
- https://security.gentoo.org/glsa/202401-16
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/
Frequently Asked Questions
What is CVE-2022-39347?
CVE-2022-39347 is a vulnerability in FreeRDP that allows a malicious server to trick a client into reading files outside the shared directory.
What is the severity of CVE-2022-39347?
The severity of CVE-2022-39347 is medium with a CVSS score of 5.7.
Which versions of FreeRDP are affected by CVE-2022-39347?
Versions up to exclusive 2.9.0 of FreeRDP are affected by CVE-2022-39347.
How can a malicious server exploit CVE-2022-39347?
A malicious server can exploit CVE-2022-39347 by tricking a FreeRDP client into reading files outside the shared directory.
How can I fix CVE-2022-39347?
CVE-2022-39347 has been addressed in the latest version of FreeRDP. Please update to the latest version to fix the vulnerability.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/nvd-index
- vendor/freerdp
- canonical/freerdp freerdp
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/36
- version/fedoraproject fedora/37