CVE-2022-39283
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-39283
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-39283.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-39283
- Aliases
-
- GHSA-6cf9-3328-qrvh
- Related
- Published
- 2022-10-12T23:15:09Z
- Modified
- 2024-10-12T10:05:52.072504Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the
/videocommand line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the/videoswitch. - References
-
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6cf9-3328-qrvh
- https://security.gentoo.org/glsa/202210-24
- https://github.com/FreeRDP/FreeRDP/releases/tag/2.8.1
- https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEWWYMGWIMD4RDCOGHWMZXUMBGZHC5NW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLZCF7YHNC5BECDPEJNAZUYGNNM7NFME/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/
- https://security-tracker.debian.org/tracker/CVE-2022-39283
Affected packages
Debian:11 / freerdp2
Package
- Name
- freerdp2
- Purl
- pkg:deb/debian/freerdp2?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.3.0+dfsg1-2
2.3.0+dfsg1-2+deb11u1
2.4.1+dfsg1-1
2.5.0+dfsg1-1
2.6.0+dfsg1-1
2.6.1+dfsg1-1
2.6.1+dfsg1-2
2.6.1+dfsg1-3~bpo11+1
2.6.1+dfsg1-3
2.7.0+dfsg1-1~bpo11+1
2.7.0+dfsg1-1
2.8.0+dfsg1-1
2.8.1+dfsg1-1~bpo11+1
2.8.1+dfsg1-1
2.9.0+dfsg1-1~bpo11+1
2.9.0+dfsg1-1
2.10.0+dfsg1-1~bpo11+1
2.10.0+dfsg1-1
2.10.0+dfsg1-1.1
2.11.2+dfsg1-1
2.11.2+dfsg1-1.1~exp1
2.11.2+dfsg1-1.1~exp2
2.11.5+dfsg1-1
2.11.7+dfsg1-1
2.11.7+dfsg1-2
2.11.7+dfsg1-3
2.11.7+dfsg1-4
Debian:12 / freerdp2
Package
- Name
- freerdp2
- Purl
- pkg:deb/debian/freerdp2?arch=source
Debian:13 / freerdp2
Package
- Name
- freerdp2
- Purl
- pkg:deb/debian/freerdp2?arch=source
Git / github.com/freerdp/freerdp
Affected ranges
- Type
- GIT
- Repo
- https://github.com/freerdp/freerdp
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.0-beta1
1.0-beta2
1.0-beta3
1.0-beta4
1.0-beta5
1.0.0
1.0.1
1.1.0-beta+2013071101
1.1.0-beta1
1.1.0-beta1+android2
1.1.0-beta1+android3
1.1.0-beta1+android4
1.1.0-beta1+android5
1.1.0-beta1+ios1
1.1.0-beta1+ios2
1.1.0-beta1+ios3
1.1.0-beta1+ios4
1.2.0-beta1+android7
1.2.0-beta1+android9
2.*
2.0.0
2.0.0-beta1+android10
2.0.0-beta1+android11
2.0.0-rc0
2.0.0-rc1
2.0.0-rc2
2.0.0-rc3
2.0.0-rc4
2.1.0
2.1.1
2.1.2
2.2.0
2.3.0
2.3.1
2.3.2
2.4.1
2.5.0
2.6.0
2.6.1
2.7.0
2.8.0