Debian 11: DLA-4070-1 moderate: freerdp2 buffer overreads and NTLM issue
debian lts
February 27, 2025
Multiple vulnerabilties have been found in freelrdp2, a free implementation of the Remote Desktop Protocol (RDP) which potentially allows potential buffer overreads or not properly...
Summary
Additonally this update fixes a regression with DLA-4053-1 affecting
drive sharing.
CVE-2022-24882
FreeRDP is a free implementation of the Remote Desktop Protocol
(RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM)
authentication does not properly abort when someone provides and
empty password value. This issue affects
FreeRDP based RDP Server implementations. RDP clients are not
affected.
CVE-2022-39320
FreeRDP is a free remote desktop protocol library and clients.
Affected versions of FreeRDP may attempt integer addition on too
narrow types leads to allocation of a buffer too small holding the
data written. A malicious server can trick a FreeRDP based client to
read out of bound data and send it back to the server. This issue
has been addressed in version 2.9.0 and all users are advised to
upgrade. Users unable to upgrade should not use the `/usb`
redirection switch.
For Debian 11 bullseye, these problems have been fixed in version
2.3.0+dfsg1-2+deb11u3.
PREVIOUS
NEXT
Package: freerdp2
Version: 2.3.0+dfsg1-2+deb11u3
CVE ID: CVE-2022-24882 CVE-2022-39320
Debian Bug: 1024511 1098355
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!