Bug 2016412 (CVE-2021-41160) - CVE-2021-41160 freerdp: improper region checks in all clients allow out of bound write to memory
Summary: CVE-2021-41160 freerdp: improper region checks in all clients allow out of bo...
Keywords:
Status: NEW
Alias: CVE-2021-41160
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2016415 2017956 2017957 2016413 2016414 2017951 2017952 2017953 2017954 2017955
Blocks: 2016407
TreeView+ depends on / blocked
 
Reported: 2021-10-21 13:21 UTC by Marian Rehak
Modified: 2021-11-30 12:15 UTC (History)
4 users (show)

Fixed In Version: FreeRDP 2.4.1
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the FreeRDP client where it fails to validate input data when using connections with GDI or SurfaceCommands. This flaw could allow a malicious server sending graphics updates to a client to cause an out of bounds write in client memory using a specially crafted input. The highest threat from this flaw is that it could allow arbitrary code to be executed on the target system.
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2021:4619 0 None None None 2021-11-11 10:19:48 UTC
Red Hat Product Errata RHSA-2021:4620 0 None None None 2021-11-11 09:50:08 UTC
Red Hat Product Errata RHSA-2021:4621 0 None None None 2021-11-11 10:03:48 UTC
Red Hat Product Errata RHSA-2021:4622 0 None None None 2021-11-11 10:03:02 UTC
Red Hat Product Errata RHSA-2021:4623 0 None None None 2021-11-11 10:11:29 UTC

Description Marian Rehak 2021-10-21 13:21:59 UTC
The vulnerability exists due to a boundary error when processing connections with GDI or SurfaceCommands. A remote server can send specially crafted data to the client, trigger an out-of-bounds write and execute arbitrary code on the target system.

External Reference:

https://www.cybersecurity-help.cz/vulnerabilities/57584/

Comment 1 Marian Rehak 2021-10-21 13:24:07 UTC
Created freerdp tracking bugs for this issue:

Affects: fedora-all [bug 2016413]


Created freerdp1.2 tracking bugs for this issue:

Affects: epel-7 [bug 2016415]
Affects: fedora-33 [bug 2016414]

Comment 2 Doran Moppert 2021-10-25 05:24:12 UTC
Upstream PR:

https://github.com/FreeRDP/FreeRDP/pull/7349

Comment 4 errata-xmlrpc 2021-11-11 09:50:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:4620 https://access.redhat.com/errata/RHSA-2021:4620

Comment 5 errata-xmlrpc 2021-11-11 10:03:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:4622 https://access.redhat.com/errata/RHSA-2021:4622

Comment 6 errata-xmlrpc 2021-11-11 10:03:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:4621 https://access.redhat.com/errata/RHSA-2021:4621

Comment 7 errata-xmlrpc 2021-11-11 10:11:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2021:4623 https://access.redhat.com/errata/RHSA-2021:4623

Comment 8 errata-xmlrpc 2021-11-11 10:19:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:4619 https://access.redhat.com/errata/RHSA-2021:4619


Note You need to log in before you can comment on or make changes to this bug.