CVE-2021-41159

Published: Oct 21, 2021

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.1

5.8

MEDIUM

Description

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than /gt:rdp connections if possible or use a direct connection without a gateway.

Vendor	Product	Versions
FreeRDP	FreeRDP	affected `< 2.4.1`

Weaknesses (CWE)

CWE-787

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

High

Availability

None

References

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vh34-m9h7-95xq

FEDORA-2021-2c25f03d0b

vendor-advisory

GLSA-202210-24

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-41159

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References