CVE-2022-39282

FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using /parallel command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do not use parallel port redirection (/parallel command line switch) as a workaround.

Published: Oct 13, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-39282
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-908

Affected Software
References

Software	From	Fixed in
freerdp / freerdp	-	2.8.1
fedoraproject / fedora	35	35.x
fedoraproject / fedora	36	36.x
fedoraproject / fedora	37	37.x

https://github.com/FreeRDP/FreeRDP/releases/tag/2.8.1
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c45q-wcpg-mxjq
https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html
https://lists.fedoraproject.org/archives/list/[email protected]/message/HEWWYMGWIMD4RDCOGHWMZXUMBGZHC5NW/
https://lists.fedoraproject.org/archives/list/[email protected]/message/RLZCF7YHNC5BECDPEJNAZUYGNNM7NFME/
https://lists.fedoraproject.org/archives/list/[email protected]/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEWWYMGWIMD4RDCOGHWMZXUMBGZHC5NW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLZCF7YHNC5BECDPEJNAZUYGNNM7NFME/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/
https://security.gentoo.org/glsa/202210-24

Vulnerability Database

289,689

CVE-2022-39282