Sunday, November 14, 2021

Red Hat: CVE-2021-41159: Important: freerdp security update (Multiple Advisories)

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update, use `/gt:http` rather than `/gt:rdp` connections if possible, or use a direct connection without a gateway.

A flaw was found in the FreeRDP client: it fails to validate input data when using gateway connections. This flaw could allow a malicious gateway to send specially crafted input to a client, leading to an out-of-bounds write in client memory. The highest threat from this flaw is that it could allow arbitrary code to be executed on the target system.
  • redhat-upgrade-freerdp
  • redhat-upgrade-freerdp-debuginfo
  • redhat-upgrade-freerdp-debugsource
  • redhat-upgrade-freerdp-devel
  • redhat-upgrade-freerdp-libs
  • redhat-upgrade-freerdp-libs-debuginfo
  • redhat-upgrade-libwinpr
  • redhat-upgrade-libwinpr-debuginfo
  • redhat-upgrade-libwinpr-devel

  • References
  • CVE-2021-41159
  • RHSA-2021:4619
  • RHSA-2021:4620
  • RHSA-2021:4621
  • RHSA-2021:4622
  • RHSA-2021:4623

