CVE-2021-41160
In affected versions a malicious server might trigger out of bound
writes in a connected client. Connections using GDI or SurfaceCommands
to send graphics updates to the client might send `0` width/height or
out of bound rectangles to trigger out of bound writes. With `0` width
or heigth the memory allocation will be `0` but the missing bounds
checks allow writing to the pointer at this (not allocated) region.
CVE-2022-24883
Prior to version 2.7.0, server side authentication against a `SAM` file
might be successful for invalid credentials if the server has configured
an invalid `SAM` file path. FreeRDP based clients are not affected. RDP
server implementations using FreeRDP to authenticate against a `SAM`
file are affected. Version 2.7.0 contains a fix for this issue. As a
workaround, use custom authentication via `HashCallback` and/or ensure
the `SAM` database path configured is valid and the application has file
handles left.
Get the latest Linux and open source security news straight to your inbox.