Bug 2016403 (CVE-2021-41159) - CVE-2021-41159 freerdp: improper client input validation for gateway connections allows to overwrite memory
Summary: CVE-2021-41159 freerdp: improper client input validation for gateway connecti...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2021-41159
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2016406 2016404 2016405 2017944 2017945 2017946 2017947 2017948 2017949 2017950
Blocks: 2016407
TreeView+ depends on / blocked
 
Reported: 2021-10-21 13:09 UTC by Marian Rehak
Modified: 2022-11-28 05:42 UTC (History)
4 users (show)

Fixed In Version: FreeRDP 2.4.1
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the FreeRDP client when it fails to validate input data when using gateway connections. This flaw could allow a malicious gateway to send a specially crafted input to a client leading to an out of bounds write in client memory. The highest threat from this flaw is that it could allow arbitrary code to be executed on the target system.
Clone Of:
Environment:
Last Closed: 2022-03-10 20:01:28 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2021:4619 0 None None None 2021-11-11 10:19:47 UTC
Red Hat Product Errata RHSA-2021:4620 0 None None None 2021-11-11 09:50:04 UTC
Red Hat Product Errata RHSA-2021:4621 0 None None None 2021-11-11 10:03:44 UTC
Red Hat Product Errata RHSA-2021:4622 0 None None None 2021-11-11 10:02:58 UTC
Red Hat Product Errata RHSA-2021:4623 0 None None None 2021-11-11 10:11:25 UTC

Description Marian Rehak 2021-10-21 13:09:23 UTC 
The vulnerability exists due to a boundary error when processing /gt:rpc connections. A remote server can send specially crafted data to the client, trigger an out-of-bounds write and execute arbitrary code on the target system.

External Reference:

https://www.cybersecurity-help.cz/vulnerabilities/57585/
Comment 1 Marian Rehak 2021-10-21 13:09:45 UTC 
Created freerdp tracking bugs for this issue:

Affects: fedora-all [bug 2016404]


Created freerdp1.2 tracking bugs for this issue:

Affects: epel-7 [bug 2016406]
Affects: fedora-33 [bug 2016405]
Comment 2 Doran Moppert 2021-10-25 05:24:22 UTC 
Upstream patch:

https://github.com/FreeRDP/FreeRDP/pull/7366/commits/f0a0683fa6a3f696c4bc5ba88c128bc781c54895
Comment 4 errata-xmlrpc 2021-11-11 09:50:03 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:4620 https://access.redhat.com/errata/RHSA-2021:4620
Comment 5 errata-xmlrpc 2021-11-11 10:02:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:4622 https://access.redhat.com/errata/RHSA-2021:4622
Comment 6 errata-xmlrpc 2021-11-11 10:03:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:4621 https://access.redhat.com/errata/RHSA-2021:4621
Comment 7 errata-xmlrpc 2021-11-11 10:11:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2021:4623 https://access.redhat.com/errata/RHSA-2021:4623
Comment 8 errata-xmlrpc 2021-11-11 10:19:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:4619 https://access.redhat.com/errata/RHSA-2021:4619
Comment 10 Product Security DevOps Team 2022-03-10 20:01:26 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-41159
Note You need to log in before you can comment on or make changes to this bug.