Vulnerabilities > CVE-2021-41159 - Out-of-bounds Write vulnerability in multiple products

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

freerdp

fedoraproject

CWE-787

NVD

Published: 2021-10-21

Updated: 2023-11-07

Summary

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than /gt:rdp connections if possible or use a direct connection without a gateway.

Vulnerable Configurations

Part	Description	Count
Application	Freerdp Freerdp Freerdp - Freerdp Freerdp 1.0.0 Freerdp Freerdp 1.0.1 Freerdp Freerdp 1.0.2 Freerdp Freerdp 1.1.0 Freerdp Freerdp 1.2.0 Freerdp Freerdp 2.0.0 Freerdp Freerdp 2.1.0 Freerdp Freerdp 2.1.1 Freerdp Freerdp 2.1.2 Freerdp Freerdp 2.2.0 Freerdp Freerdp 2.3.0 Freerdp Freerdp 2.3.1 Freerdp Freerdp 2.3.2 Freerdp Freerdp 2.4.0	32
OS	Fedoraproject Fedoraproject Fedora 35	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References