CVE-2023-39354

Source
https://cve.org/CVERecord?id=CVE-2023-39354
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-39354.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-39354
Aliases
  • GHSA-c3r2-pxxp-f8r6
Downstream
Related
Published
2023-08-31T19:36:28.542Z
Modified
2026-07-09T14:25:37.938689Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
FreeRDP Out-Of-Bounds Read in nsc_rle_decompress_data
Details

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the nsc_rle_decompress_data function. The Out-Of-Bounds Read occurs because it processes context->Planes without checking if it contains data of sufficient length. Should an attacker be able to leverage this vulnerability they may be able to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific
{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/39xxx/CVE-2023-39354.json",
    "cwe_ids": [
        "CWE-125"
    ]
}
References

Affected packages

Git / github.com/freerdp/freerdp

Affected ranges

Type
GIT
Repo
https://github.com/freerdp/freerdp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
Fixed
Database specific
{
    "cpe": [
        "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:freerdp:freerdp:3.0.0:beta1:*:*:*:*:*:*",
        "cpe:2.3:a:freerdp:freerdp:3.0.0:beta2:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.11.0"
        },
        {
            "introduced": "3.0.0-beta1"
        },
        {
            "last_affected": "3.0.0-beta1"
        },
        {
            "introduced": "3.0.0-beta2"
        },
        {
            "last_affected": "3.0.0-beta2"
        }
    ],
    "source": [
        "CPE_RANGE",
        "CPE_STRING",
        "REFERENCES"
    ]
}

Affected versions

1.*
1.0-beta1
1.0-beta2
1.0-beta4
1.0-beta5
1.0.0
1.0.1
1.1.0-beta+2013071101
1.1.0-beta1
1.1.0-beta1+android2
1.1.0-beta1+android3
1.1.0-beta1+android4
1.1.0-beta1+android5
1.1.0-beta1+ios1
1.1.0-beta1+ios2
1.1.0-beta1+ios3
1.1.0-beta1+ios4
1.2.0-beta1+android7
1.2.0-beta1+android9
2.*
2.0.0
2.0.0-beta1+android10
2.0.0-beta1+android11
2.0.0-rc0
2.0.0-rc1
2.0.0-rc2
2.0.0-rc3
2.0.0-rc4
2.1.0
2.1.1
2.1.2
2.10.0
2.2.0
2.3.0
2.3.1
2.3.2
2.4.1
2.5.0
2.6.0
2.6.1
2.7.0
2.8.0
2.8.1
2.9.0
3.*
3.0.0-beta1
3.0.0-beta2

Database specific

vanir_signatures
[
    {
        "id": "CVE-2023-39354-07953982",
        "source": "https://github.com/freerdp/freerdp/commit/cd1da25a87358eb3b5512fd259310e95b19a05ec",
        "signature_type": "Function",
        "target": {
            "file": "libfreerdp/codec/nsc.c",
            "function": "nsc_rle_decode"
        },
        "signature_version": "v1",
        "digest": {
            "function_hash": "227645098702920897722399786104218899711",
            "length": 854.0
        },
        "deprecated": false
    },
    {
        "id": "CVE-2023-39354-39aeeb3f",
        "source": "https://github.com/freerdp/freerdp/commit/cd1da25a87358eb3b5512fd259310e95b19a05ec",
        "signature_type": "Line",
        "target": {
            "file": "libfreerdp/codec/nsc_types.h"
        },
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "123582285167663769338341195027140648392",
                "209804153476220740174305888653063235139",
                "241757855125844276388765278512457713246",
                "179585166811709962021743128680035653314"
            ],
            "threshold": 0.9
        },
        "deprecated": false
    },
    {
        "id": "CVE-2023-39354-6b155cf3",
        "source": "https://github.com/freerdp/freerdp/commit/cd1da25a87358eb3b5512fd259310e95b19a05ec",
        "signature_type": "Function",
        "target": {
            "file": "libfreerdp/codec/nsc.c",
            "function": "nsc_rle_decompress_data"
        },
        "signature_version": "v1",
        "digest": {
            "function_hash": "150007567039752564916414637537899547140",
            "length": 737.0
        },
        "deprecated": false
    },
    {
        "id": "CVE-2023-39354-b4ca54c9",
        "source": "https://github.com/freerdp/freerdp/commit/cd1da25a87358eb3b5512fd259310e95b19a05ec",
        "signature_type": "Line",
        "target": {
            "file": "libfreerdp/codec/nsc.c"
        },
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "250178124142207418393331080828240113658",
                "321182183397613447571498679207254403223",
                "301415756260293339095501592302150766739",
                "240905790204619008903806382433087795439",
                "118494738548475194551959233760285643868",
                "277306073334495933612579467180323801735",
                "87737890863243103794752534053072494746",
                "156393909329298573555265176750289990365",
                "161811641437175650723588941164817196215",
                "283857799873118748120387690001911695273",
                "291766332945540239478465706287076808732",
                "301089306180167085693971087223036504842",
                "6002239866669080581566310950601035677",
                "252284156122299689129265873188512047386",
                "23483620984783465817062723672124218562",
                "288452946707311510173135259745546889882",
                "226379668947525836027385906600569117824",
                "19287231287907857042225931313467712643",
                "261145021561412010306468050567499632474",
                "328703999023281544499204192989557699360",
                "284170130230110394051790079950846466585",
                "12445669493864267667457417044870901374",
                "310949963343327725005750406837384968167",
                "57623227396509798319498495538040399862",
                "326234836329751615857714331390187903944",
                "59420444909444536915865445931643645923",
                "2137765066437448295598675362217417653",
                "269661033068971035552170611996211186198",
                "54383102417166118466847785292607015365",
                "106683909681454151943885189537091285594",
                "244825513710967828033265126895879464952",
                "24055499540214911007344701091703989279",
                "157496067493061207555117538932521561551",
                "258101359744560636965892631708393080867",
                "123269398750748683484275736165616502458",
                "174009819402698325786143062469359650284",
                "316202520907451977498493386513348257261",
                "206650018183930193025884714300700235031",
                "185608383168243951596798408035876868704",
                "10175151523337413196144430890346730751",
                "277785289262369510617450755399671044666",
                "48344597623850180610915791936665659731",
                "259339560581869164122224349390400933443"
            ],
            "threshold": 0.9
        },
        "deprecated": false
    },
    {
        "id": "CVE-2023-39354-e6d6dcd4",
        "source": "https://github.com/freerdp/freerdp/commit/cd1da25a87358eb3b5512fd259310e95b19a05ec",
        "signature_type": "Function",
        "target": {
            "file": "libfreerdp/codec/nsc.c",
            "function": "nsc_stream_initialize"
        },
        "signature_version": "v1",
        "digest": {
            "function_hash": "157210949240832481899102757688489241832",
            "length": 560.0
        },
        "deprecated": false
    }
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-39354.json"
vanir_signatures_modified
"2026-07-09T14:25:37Z"