Home > Vulnerability Database > CVE-2022-39319

Mend.io Vulnerability Database

CVE-2022-39319

Good to know:

Date: November 16, 2022

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in the `urbdrc` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.

Language: C

Severity Score

4.6

Related Resources (12)

Url: https://security-tracker.debian.org/tracker/CVE-2022-39319

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/

Url: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mvxm-wfj2-5fvh

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-39319

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/

Url: https://access.redhat.com/security/cve/CVE-2022-39319

Url: https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html

Url: https://security.gentoo.org/glsa/202401-16

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/

Url: https://github.com/FreeRDP/FreeRDP/commit/11555828d2cf289b350baba5ad1f462f10b80b76

Url: https://www.mend.io/vulnerability-database/CVE-2022-39319

Severity Score

4.6

Weakness Type (CWE)

Out-of-bounds Read

CWE-125

Top Fix

Upgrade Version

Upgrade to version 2.9.0

Learn More

CVSS v3.1

Base Score:	4.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2022-39319

Good to know:

Date: November 16, 2022

Language: C

Severity Score

Related Resources (12)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?