Hide Forgot
The vulnerability exists due to a boundary error when processing connections with GDI or SurfaceCommands. A remote server can send specially crafted data to the client, trigger an out-of-bounds write and execute arbitrary code on the target system. External Reference: https://www.cybersecurity-help.cz/vulnerabilities/57584/
Created freerdp tracking bugs for this issue: Affects: fedora-all [bug 2016413] Created freerdp1.2 tracking bugs for this issue: Affects: epel-7 [bug 2016415] Affects: fedora-33 [bug 2016414]
Upstream PR: https://github.com/FreeRDP/FreeRDP/pull/7349
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:4620 https://access.redhat.com/errata/RHSA-2021:4620
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:4622 https://access.redhat.com/errata/RHSA-2021:4622
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:4621 https://access.redhat.com/errata/RHSA-2021:4621
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2021:4623 https://access.redhat.com/errata/RHSA-2021:4623
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:4619 https://access.redhat.com/errata/RHSA-2021:4619
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-41160