FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (/gt:rpc) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use /gt:http rather than /gt:rdp connections if possible or use a direct connection without a gateway.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"extracted_events": [
{
"last_affected": "35"
}
],
"vendor_product": "fedoraproject:fedora"
}
]
}