Home > Vulnerability Database > CVE-2023-40576

Mend.io Vulnerability Database

CVE-2023-40576

Date: August 31, 2023

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the "RleDecompress" function. This Out-Of-Bounds Read occurs because FreeRDP processes the "pbSrcBuffer" variable without checking if it contains data of sufficient length. Insufficient data in the "pbSrcBuffer" variable may cause errors or crashes. This issue has been addressed in version 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.

Language: C

Severity Score

5.3

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-40576

Url: https://security.gentoo.org/glsa/202401-16

Url: https://access.redhat.com/security/cve/CVE-2023-40576

Url: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x3x5-r7jm-5pq2

Url: https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/include/bitmap.c#L94-L113

Url: https://www.mend.io/vulnerability-database/CVE-2023-40576

Severity Score

5.3

Weakness Type (CWE)

Out-of-bounds Read

CWE-125

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-40576

Date: August 31, 2023

Language: C

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?