FreeRDP Use-After-Free in RDPGFX_CMDID_RESETGRAPHICS
CVE-2023-39355

7HIGH

Key Information:

Vendor: Freerdp
Status: Freerdp
Vendor: CVE Published:; 31 August 2023

What is CVE-2023-39355?

The FreeRDP library, an open-source implementation of the Remote Desktop Protocol, is vulnerable to a Use-After-Free issue when processing RDPGFX_CMDID_RESETGRAPHICS packets. In affected versions, if the context's maxPlaneSize is zero, the planesBuffer may be incorrectly freed without appropriate state management, giving way to potential exploitation scenarios. Although this vulnerability primarily leads to application crashes in typical environments, it can expose systems to risks in certain configurations. It is crucial for users of impacted 3.x versions to upgrade to 3.0.0-beta3, as this version resolves the vulnerability. There are currently no known workarounds to mitigate this issue.

Affected Version(s)

FreeRDP >= 3.0.0-beta1, < 3.0.0-beta3

References

https://github.com/FreeRDP/FreeRDP/security/advisories/GH...

x_refsource_CONFIRM

https://github.com/FreeRDP/FreeRDP/commit/d6f9d33a7db0b34...

x_refsource_MISC

https://lists.debian.org/debian-lts-announce/2023/10/msg0...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 31, 2023
Vulnerability Reserved
Jul 28, 2023

Freerdp

What is CVE-2023-39355?

Affected Version(s)

References

CVSS V3.1

Timeline