DEBIAN-CVE-2023-40567

Source
https://security-tracker.debian.org/tracker/CVE-2023-40567
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-40567.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-40567
Upstream
Published
2023-08-31T22:15:08Z
Modified
2025-09-19T07:33:25.412924Z
Summary
[none]
Details

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse of this vulnerability may lead to an out of bounds write. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

Debian:11 / freerdp2

Package

Name
freerdp2
Purl
pkg:deb/debian/freerdp2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.3.0+dfsg1-2+deb11u2

Affected versions

2.*

2.3.0+dfsg1-2
2.3.0+dfsg1-2+deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}