
Mageia 8, 9 MGASA-2023-0318 Critical FreeRDP Denial Of Service

November 15, 2023

Summary

This issue affects clients only: an integer underflow leading to DoS (e.g. an abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient `blockLen` is provided and proper length validation is not performed, an integer underflow occurs, leading to a denial of service (DoS) vulnerability. (CVE-2023-39350)

Affected versions of FreeRDP are subject to a NULL pointer dereference leading to a crash in the RemoteFX (rfx) handling. Inside the `rfx_process_message_tileset` function, the program allocates `numTiles` tiles using `rfx_allocate_tiles`. If the initialization of the tiles is not completed for various reasons, tiles will have a NULL pointer, which may be accessed in further processing and would cause a program crash. (CVE-2023-39351)
Affected versions are subject to a missing o...
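
The two failure modes summarized above, sketched as an added example (this is not FreeRDP's code and not part of the advisory): a length field validated before the header size is subtracted from it, and a tile array checked for NULL slots before use. The 6-byte header layout, the function names and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout for this example: 2-byte block type, then a 4-byte
 * little-endian blockLen that counts the 6-byte header itself. */
#define HDR_LEN 6u

/* Unchecked form: for blockLen < HDR_LEN the unsigned subtraction wraps. */
uint32_t payload_len_unchecked(uint32_t blockLen) { return blockLen - HDR_LEN; }

/* Checked form: returns the payload length, or -1 for a malformed block. */
long parse_block(const uint8_t *buf, size_t avail)
{
    if (buf == NULL || avail < HDR_LEN)
        return -1;                      /* header itself is truncated */
    uint32_t blockLen = (uint32_t)buf[2] | ((uint32_t)buf[3] << 8) |
                        ((uint32_t)buf[4] << 16) | ((uint32_t)buf[5] << 24);
    if (blockLen < HDR_LEN)
        return -1;                      /* subtraction below would underflow */
    if (blockLen > avail)
        return -1;                      /* claims more data than was received */
    return (long)(blockLen - HDR_LEN);
}

/* A tile array is usable only if every slot was initialised. */
int tiles_ready(void *const *tiles, size_t numTiles)
{
    if (tiles == NULL)
        return 0;
    for (size_t i = 0; i < numTiles; i++)
        if (tiles[i] == NULL)
            return 0;                   /* partially initialised: reject */
    return 1;
}

/* Constructed sample inputs (not captured traffic). */
const uint8_t BLOCK_OK[]    = { 0x01, 0x00, 0x08, 0, 0, 0, 0xAA, 0xBB }; /* blockLen 8 */
const uint8_t BLOCK_SHORT[] = { 0x01, 0x00, 0x04, 0, 0, 0 };             /* blockLen 4 */
static int tile_a, tile_b;
void *const TILES_PARTIAL[] = { &tile_a, NULL, &tile_b };

int main(void)
{
    printf("unchecked(4) = %u\n", (unsigned)payload_len_unchecked(4));
    printf("ok = %ld\n", parse_block(BLOCK_OK, sizeof BLOCK_OK));
    printf("short = %ld\n", parse_block(BLOCK_SHORT, sizeof BLOCK_SHORT));
    printf("tiles_ready = %d\n", tiles_ready(TILES_PARTIAL, 3));
    return 0;
}
```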


References

- https://bugs.mageia.org/show_bug.cgi?id=32360

- https://ubuntu.com/security/notices/USN-6401-1

- https://www.cve.org/CVERecord?id=CVE-2023-39350

- https://www.cve.org/CVERecord?id=CVE-2023-39351

- https://www.cve.org/CVERecord?id=CVE-2023-39353

- https://www.cve.org/CVERecord?id=CVE-2023-39354

- https://www.cve.org/CVERecord?id=CVE-2023-40181

- https://www.cve.org/CVERecord?id=CVE-2023-40186

- https://www.cve.org/CVERecord?id=CVE-2023-40188

- https://www.cve.org/CVERecord?id=CVE-2023-40567

- https://www.cve.org/CVERecord?id=CVE-2023-40569

- https://www.cve.org/CVERecord?id=CVE-2023-40589

Resolution

SRPMS

- 9/core/freerdp-2.10.0-2.1.mga9

- 8/core/freerdp-2.9.0-1.2.mga8

Severity
critical

Publication date: 15 Nov 2023
URL: https://advisories.mageia.org/MGASA-2023-0318.html
Type: security
CVE: CVE-2023-39350, CVE-2023-39351, CVE-2023-39353, CVE-2023-39354, CVE-2023-40181, CVE-2023-40186, CVE-2023-40188, CVE-2023-40567, CVE-2023-40569, CVE-2023-40589
