Input Validation Flaw in FreeRDP Client for Windows
CVE-2021-37594

9.8 CRITICAL

Key Information:

Vendor: FreeRDP

CVE Published: 30 July 2021

What is CVE-2021-37594?

FreeRDP, a widely used Remote Desktop Protocol implementation, contains an input validation flaw in how its Windows client handles FILECONTENTS_SIZE requests. In versions before 2.4.0, the function wf_cliprdr_server_file_contents_request does not adequately validate its input, so an attacker who manipulates the File Contents Request PDU could cause unexpected behavior or other security risks. Update to version 2.4.0 or later.
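
The kind of check the description says was missing, as an added example (not FreeRDP's code or its patch): a parser for the File Contents Request PDU body that enforces the field constraints of MS-RDPECLIP section 2.2.5.3. The names fcr_parse, struct fcr and the result codes are hypothetical, the sample bytes are constructed, and rejecting any dwFlags value other than the two defined ones is this example's own strictness.

```c
#include <stddef.h>
#include <stdint.h>

/* dwFlags values defined by MS-RDPECLIP 2.2.5.3. */
#define FILECONTENTS_SIZE  0x00000001u
#define FILECONTENTS_RANGE 0x00000002u

/* Hypothetical result codes and field container for this example. */
enum fcr_result { FCR_OK = 0, FCR_TRUNCATED, FCR_BAD_FLAGS, FCR_BAD_SIZE_REQUEST };
struct fcr { uint32_t stream_id, lindex, flags, pos_low, pos_high, cb_requested; };

/* Constructed sample: a FILECONTENTS_SIZE request whose cbRequested is
 * 0x1000 instead of the 8 bytes a 64-bit file size occupies. */
const uint8_t sample_bad_size_request[24] = {
    1, 0, 0, 0,   0, 0, 0, 0,   1, 0, 0, 0,      /* streamId, lindex, dwFlags */
    0, 0, 0, 0,   0, 0, 0, 0,   0, 0x10, 0, 0    /* nPositionLow/High, cbRequested */
};

/* Read a little-endian 32-bit field byte by byte (no unaligned access). */
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parse the PDU body (the bytes after the 8-byte clipboard header) and
 * reject requests that break the per-flag constraints before any handler
 * acts on them. The optional trailing clipDataId is ignored here. */
enum fcr_result fcr_parse(const uint8_t *body, size_t len, struct fcr *out)
{
    if (body == NULL || out == NULL || len < 24)  /* six mandatory fields */
        return FCR_TRUNCATED;
    out->stream_id    = rd32(body);
    out->lindex       = rd32(body + 4);
    out->flags        = rd32(body + 8);
    out->pos_low      = rd32(body + 12);
    out->pos_high     = rd32(body + 16);
    out->cb_requested = rd32(body + 20);
    /* SIZE and RANGE must not be combined; unknown values are refused. */
    if (out->flags != FILECONTENTS_SIZE && out->flags != FILECONTENTS_RANGE)
        return FCR_BAD_FLAGS;
    /* A size request must ask for exactly 8 bytes at position zero. */
    if (out->flags == FILECONTENTS_SIZE &&
        (out->cb_requested != 8 || out->pos_low != 0 || out->pos_high != 0))
        return FCR_BAD_SIZE_REQUEST;
    return FCR_OK;
}
```
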

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
