DEBIAN-CVE-2022-41877

Source
https://security-tracker.debian.org/tracker/DEBIAN-CVE-2022-41877
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-41877.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2022-41877
Upstream
Published
2022-11-16T20:15:10Z
Modified
2025-09-19T07:32:27.714588Z
Summary
[none]
Details

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in the drive channel. A malicious server can trick a FreeRDP-based client into reading out-of-bounds data and sending it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the drive redirection channel (command line options /drive, +drives or +home-drive).

References

Affected packages

Debian:11 / freerdp2

Package

Name
freerdp2
Purl
pkg:deb/debian/freerdp2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.3.0+dfsg1-2+deb11u2

Affected versions

2.*

2.3.0+dfsg1-2
2.3.0+dfsg1-2+deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / freerdp2

Package

Name
freerdp2
Purl
pkg:deb/debian/freerdp2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.9.0+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}