Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Mageia 8: MGASA-2021-0522 Critical: FreeRDP Input Validation Problem

mageia
Calendar Grey November 25, 2021
Dist Mageia Esm H88
Updated FreeRDP clients in Mageia address input validation vulnerabilities that could result in memory corruption. Discover the details today.
All FreeRDP clients prior to version 2.4.1 using gateway connections ('/gt:rpc') fail to validate input data

Summary

All FreeRDP clients prior to version 2.4.1 using gateway connections ('/gt:rpc') fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than /gt:rdp connections if possible or use a direct connection without a gateway. (CVE-2021-41159)
In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1. (CVE-2021-41160)

References

- https://bugs.mageia.org/show_bug.cgi?id=29654

- https://access.redhat.com/errata/RHSA-2021:4622

- https://www.cve.org/CVERecord?id=CVE-2021-41159

- https://www.cve.org/CVERecord?id=CVE-2021-41160

Resolution

SRPMS

- 8/core/freerdp-2.2.0-1.1.mga8

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 25 Nov 2021
URL: https://advisories.mageia.org/MGASA-2021-0522.html
Type: security
CVE: CVE-2021-41159, CVE-2021-41160

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here