FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch.

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-d6310a1308 advisory.

    Update to 2.8.1 (CVE-2022-39282, CVE-2022-39283).

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the freerdp-2.4.1-5.el9 build changelog.

  - Fix length checks in parallel driver (#2136152) (CVE-2022-39282)

  - Add missing length check in video channel (#2136154) (CVE-2022-39283)

  - FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of     bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to     read out of bound data and try to decode it likely resulting in a crash. This issue has been addressed in     the 2.9.0 release. Users are advised to upgrade. (CVE-2022-39316)

  - Add missing length checks in zgfx (#2145140) (CVE-2022-39317)

  - Fix division by zero in urbdrc channel (#2145140) (CVE-2022-39318)

  - Add missing length checks in urbdrc channel (#2145140) (CVE-2022-39319)

  - Ensure urb_create_iocompletion uses size_t (#2145140) (CVE-2022-39320)

  - Fix path validation in drive channel (#2145140) (CVE-2022-39347)

  - Add missing length check in drive channel (#2145140) (CVE-2022-41877)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3654 advisory.

  - FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license.
    In affected versions a malicious server might trigger out of bound writes in a connected client.
    Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0`     width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the     memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not     allocated) region. This issue has been patched in FreeRDP 2.4.1. (CVE-2021-41160)

  - FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side     authentication against a `SAM` file might be successful for invalid credentials if the server has     configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations     using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this     issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path     configured is valid and the application has file handles left. (CVE-2022-24883)

  - FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using     `/parallel` command line switch might read uninitialized data and send it to the server the client is     currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1     where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel`     command line switch) as a workaround. (CVE-2022-39282)

  - FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the     `/video` command line switch might read uninitialized data, decode it as audio/video and display the     result. FreeRDP based server implementations are not affected. This issue has been patched in version     2.8.1. If you cannot upgrade do not use the `/video` switch. (CVE-2022-39283)

  - FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of     bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to     read out of bound data and try to decode it likely resulting in a crash. This issue has been addressed in     the 2.9.0 release. Users are advised to upgrade. (CVE-2022-39316)

  - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing     input validation in `urbdrc` channel. A malicious server can trick a FreeRDP based client to crash with     division by zero. This issue has been addressed in version 2.9.0. All users are advised to upgrade. Users     unable to upgrade should not use the `/usb` redirection switch. (CVE-2022-39318)

  - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing     input length validation in the `urbdrc` channel. A malicious server can trick a FreeRDP based client to     read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and     all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.
    (CVE-2022-39319)

  - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing     path canonicalization and base path check for `drive` channel. A malicious server can trick a FreeRDP     based client to read files outside the shared directory. This issue has been addressed in version 2.9.0     and all users are advised to upgrade. Users unable to upgrade should not use the `/drive`, `/drives` or     `+home-drive` redirection switch. (CVE-2022-39347)

  - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing     input length validation in `drive` channel. A malicious server can trick a FreeRDP based client to read     out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all     users are advised to upgrade. Users unable to upgrade should not use the drive redirection channel -     command line options `/drive`, `+drives` or `+home-drive`. (CVE-2022-41877)

  - An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde     InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could lead to     privilege escalation. (CVE-2023-39283)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2851 advisory.

    - CVE-2022-39282: Fix length checks in parallel driver (#2136151)
    - CVE-2022-39283: Add missing length check in video channel (#2136153)
    - CVE-2022-39316, CVE-2022-39317: Add missing length checks in zgfx (#2145139)
    - CVE-2022-39318: Fix division by zero in urbdrc channel (#2145139)
    - CVE-2022-39319: Add missing length checks in urbdrc channel (#2145139)
    - CVE-2022-39320: Ensure urb_create_iocompletion uses size_t (#2145139)
    - CVE-2022-39347: Fix path validation in drive channel (#2145139)

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2851 advisory.

  - FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using     `/parallel` command line switch might read uninitialized data and send it to the server the client is     currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1     where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel`     command line switch) as a workaround. (CVE-2022-39282)

  - FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the     `/video` command line switch might read uninitialized data, decode it as audio/video and display the     result. FreeRDP based server implementations are not affected. This issue has been patched in version     2.8.1. If you cannot upgrade do not use the `/video` switch. (CVE-2022-39283)

  - FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of     bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to     read out of bound data and try to decode it likely resulting in a crash. This issue has been addressed in     the 2.9.0 release. Users are advised to upgrade. (CVE-2022-39316)

  - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a     range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to     read out of bound data and try to decode it. This issue has been addressed in version 2.9.0. There are no     known workarounds for this issue. (CVE-2022-39317)

  - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing     input validation in `urbdrc` channel. A malicious server can trick a FreeRDP based client to crash with     division by zero. This issue has been addressed in version 2.9.0. All users are advised to upgrade. Users     unable to upgrade should not use the `/usb` redirection switch. (CVE-2022-39318)

  - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing     input length validation in the `urbdrc` channel. A malicious server can trick a FreeRDP based client to     read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and     all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.
    (CVE-2022-39319)

  - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP may attempt     integer addition on too narrow types leads to allocation of a buffer too small holding the data written. A     malicious server can trick a FreeRDP based client to read out of bound data and send it back to the     server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable     to upgrade should not use the `/usb` redirection switch. (CVE-2022-39320)

  - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing     path canonicalization and base path check for `drive` channel. A malicious server can trick a FreeRDP     based client to read files outside the shared directory. This issue has been addressed in version 2.9.0     and all users are advised to upgrade. Users unable to upgrade should not use the `/drive`, `/drives` or     `+home-drive` redirection switch. (CVE-2022-39347)

  - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing     input length validation in `drive` channel. A malicious server can trick a FreeRDP based client to read     out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all     users are advised to upgrade. Users unable to upgrade should not use the drive redirection channel -     command line options `/drive`, `+drives` or `+home-drive`. (CVE-2022-41877)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:2851 advisory.

  - FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using     `/parallel` command line switch might read uninitialized data and send it to the server the client is     currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1     where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel`     command line switch) as a workaround. (CVE-2022-39282)

  - FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the     `/video` command line switch might read uninitialized data, decode it as audio/video and display the     result. FreeRDP based server implementations are not affected. This issue has been patched in version     2.8.1. If you cannot upgrade do not use the `/video` switch. (CVE-2022-39283)

  - FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of     bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to     read out of bound data and try to decode it likely resulting in a crash. This issue has been addressed in     the 2.9.0 release. Users are advised to upgrade. (CVE-2022-39316)

  - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a     range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to     read out of bound data and try to decode it. This issue has been addressed in version 2.9.0. There are no     known workarounds for this issue. (CVE-2022-39317)

  - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing     input validation in `urbdrc` channel. A malicious server can trick a FreeRDP based client to crash with     division by zero. This issue has been addressed in version 2.9.0. All users are advised to upgrade. Users     unable to upgrade should not use the `/usb` redirection switch. (CVE-2022-39318)

  - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing     input length validation in the `urbdrc` channel. A malicious server can trick a FreeRDP based client to     read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and     all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.
    (CVE-2022-39319)

  - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP may attempt     integer addition on too narrow types leads to allocation of a buffer too small holding the data written. A     malicious server can trick a FreeRDP based client to read out of bound data and send it back to the     server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable     to upgrade should not use the `/usb` redirection switch. (CVE-2022-39320)

  - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing     path canonicalization and base path check for `drive` channel. A malicious server can trick a FreeRDP     based client to read files outside the shared directory. This issue has been addressed in version 2.9.0     and all users are advised to upgrade. Users unable to upgrade should not use the `/drive`, `/drives` or     `+home-drive` redirection switch. (CVE-2022-39347)

  - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing     input length validation in `drive` channel. A malicious server can trick a FreeRDP based client to read     out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all     users are advised to upgrade. Users unable to upgrade should not use the drive redirection channel -     command line options `/drive`, `+drives` or `+home-drive`. (CVE-2022-41877)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2851 advisory.

    FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license.
    The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

    Security Fix(es):

    * freerdp: clients using `/parallel` command line switch might read uninitialized data (CVE-2022-39282)

    * freerdp: clients using the `/video` command line switch might read uninitialized data (CVE-2022-39283)

    * freerdp: out of bounds read in zgfx decoder (CVE-2022-39316)

    * freerdp: undefined behaviour in zgfx decoder (CVE-2022-39317)

    * freerdp: division by zero in urbdrc channel (CVE-2022-39318)

    * freerdp: missing length validation in urbdrc channel (CVE-2022-39319)

    * freerdp: heap buffer overflow in urbdrc channel (CVE-2022-39320)

    * freerdp: missing path sanitation with `drive` channel (CVE-2022-39347)

    * freerdp: missing input length validation in `drive` channel (CVE-2022-41877)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2326 advisory.

    - CVE-2022-39282: Fix length checks in parallel driver (#2136152)
    - CVE-2022-39283: Add missing length check in video channel (#2136154)
    - CVE-2022-39316, CVE-2022-39317: Add missing length checks in zgfx (#2145140)
    - CVE-2022-39318: Fix division by zero in urbdrc channel (#2145140)
    - CVE-2022-39319: Add missing length checks in urbdrc channel (#2145140)
    - CVE-2022-39320: Ensure urb_create_iocompletion uses size_t (#2145140)
    - CVE-2022-39347: Fix path validation in drive channel (#2145140)

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2326 advisory.

  - FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using     `/parallel` command line switch might read uninitialized data and send it to the server the client is     currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1     where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel`     command line switch) as a workaround. (CVE-2022-39282)

  - FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the     `/video` command line switch might read uninitialized data, decode it as audio/video and display the     result. FreeRDP based server implementations are not affected. This issue has been patched in version     2.8.1. If you cannot upgrade do not use the `/video` switch. (CVE-2022-39283)

  - FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of     bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to     read out of bound data and try to decode it likely resulting in a crash. This issue has been addressed in     the 2.9.0 release. Users are advised to upgrade. (CVE-2022-39316)

  - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a     range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to     read out of bound data and try to decode it. This issue has been addressed in version 2.9.0. There are no     known workarounds for this issue. (CVE-2022-39317)

  - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing     input validation in `urbdrc` channel. A malicious server can trick a FreeRDP based client to crash with     division by zero. This issue has been addressed in version 2.9.0. All users are advised to upgrade. Users     unable to upgrade should not use the `/usb` redirection switch. (CVE-2022-39318)

  - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing     input length validation in the `urbdrc` channel. A malicious server can trick a FreeRDP based client to     read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and     all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.
    (CVE-2022-39319)

  - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP may attempt     integer addition on too narrow types leads to allocation of a buffer too small holding the data written. A     malicious server can trick a FreeRDP based client to read out of bound data and send it back to the     server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable     to upgrade should not use the `/usb` redirection switch. (CVE-2022-39320)

  - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing     path canonicalization and base path check for `drive` channel. A malicious server can trick a FreeRDP     based client to read files outside the shared directory. This issue has been addressed in version 2.9.0     and all users are advised to upgrade. Users unable to upgrade should not use the `/drive`, `/drives` or     `+home-drive` redirection switch. (CVE-2022-39347)

  - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing     input length validation in `drive` channel. A malicious server can trick a FreeRDP based client to read     out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all     users are advised to upgrade. Users unable to upgrade should not use the drive redirection channel -     command line options `/drive`, `+drives` or `+home-drive`. (CVE-2022-41877)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2326 advisory.

    FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license.
    The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

    Security Fix(es):

    * freerdp: clients using `/parallel` command line switch might read uninitialized data (CVE-2022-39282)

    * freerdp: clients using the `/video` command line switch might read uninitialized data (CVE-2022-39283)

    * freerdp: out of bounds read in zgfx decoder (CVE-2022-39316)

    * freerdp: undefined behaviour in zgfx decoder (CVE-2022-39317)

    * freerdp: division by zero in urbdrc channel (CVE-2022-39318)

    * freerdp: missing length validation in urbdrc channel (CVE-2022-39319)

    * freerdp: heap buffer overflow in urbdrc channel (CVE-2022-39320)

    * freerdp: missing path sanitation with `drive` channel (CVE-2022-39347)

    * freerdp: missing input length validation in `drive` channel (CVE-2022-41877)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the dd271de6-b444-11ed-9268-b42e991fc52e advisory.

  - FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the     `/video` command line switch might read uninitialized data, decode it as audio/video and display the     result. FreeRDP based server implementations are not affected. This issue has been patched in version     2.8.1. If you cannot upgrade do not use the `/video` switch. (CVE-2022-39283)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the freerdp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using     `/parallel` command line switch might read uninitialized data and send it to the server the client is     currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1     where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel`     command line switch) as a workaround. (CVE-2022-39282)

  - FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the     `/video` command line switch might read uninitialized data, decode it as audio/video and display the     result. FreeRDP based server implementations are not affected. This issue has been patched in version     2.8.1. If you cannot upgrade do not use the `/video` switch. (CVE-2022-39283)

  - FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of     bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to     read out of bound data and try to decode it likely resulting in a crash. This issue has been addressed in     the 2.9.0 release. Users are advised to upgrade. (CVE-2022-39316)

  - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a     range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to     read out of bound data and try to decode it. This issue has been addressed in version 2.9.0. There are no     known workarounds for this issue. (CVE-2022-39317)

  - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing     input validation in `urbdrc` channel. A malicious server can trick a FreeRDP based client to crash with     division by zero. This issue has been addressed in version 2.9.0. All users are advised to upgrade. Users     unable to upgrade should not use the `/usb` redirection switch. (CVE-2022-39318)

  - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing     path canonicalization and base path check for `drive` channel. A malicious server can trick a FreeRDP     based client to read files outside the shared directory. This issue has been addressed in version 2.9.0     and all users are advised to upgrade. Users unable to upgrade should not use the `/drive`, `/drives` or     `+home-drive` redirection switch. (CVE-2022-39347)

  - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing     input length validation in `drive` channel. A malicious server can trick a FreeRDP based client to read     out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all     users are advised to upgrade. Users unable to upgrade should not use the drive redirection channel -     command line options `/drive`, `+drives` or `+home-drive`. (CVE-2022-41877)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1930 advisory.

  - FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using     `/parallel` command line switch might read uninitialized data and send it to the server the client is     currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1     where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel`     command line switch) as a workaround. (CVE-2022-39282)

  - FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the     `/video` command line switch might read uninitialized data, decode it as audio/video and display the     result. FreeRDP based server implementations are not affected. This issue has been patched in version     2.8.1. If you cannot upgrade do not use the `/video` switch. (CVE-2022-39283)

  - FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of     bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to     read out of bound data and try to decode it likely resulting in a crash. This issue has been addressed in     the 2.9.0 release. Users are advised to upgrade. (CVE-2022-39316)

  - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a     range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to     read out of bound data and try to decode it. This issue has been addressed in version 2.9.0. There are no     known workarounds for this issue. (CVE-2022-39317)

  - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing     input validation in `urbdrc` channel. A malicious server can trick a FreeRDP based client to crash with     division by zero. This issue has been addressed in version 2.9.0. All users are advised to upgrade. Users     unable to upgrade should not use the `/usb` redirection switch. (CVE-2022-39318)

  - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing     input length validation in the `urbdrc` channel. A malicious server can trick a FreeRDP based client to     read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and     all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.
    (CVE-2022-39319)

  - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP may attempt     integer addition on too narrow types leads to allocation of a buffer too small holding the data written. A     malicious server can trick a FreeRDP based client to read out of bound data and send it back to the     server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable     to upgrade should not use the `/usb` redirection switch. (CVE-2022-39320)

  - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing     path canonicalization and base path check for `drive` channel. A malicious server can trick a FreeRDP     based client to read files outside the shared directory. This issue has been addressed in version 2.9.0     and all users are advised to upgrade. Users unable to upgrade should not use the `/drive`, `/drives` or     `+home-drive` redirection switch. (CVE-2022-39347)

  - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing     input length validation in `drive` channel. A malicious server can trick a FreeRDP based client to read     out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all     users are advised to upgrade. Users unable to upgrade should not use the drive redirection channel -     command line options `/drive`, `+drives` or `+home-drive`. (CVE-2022-41877)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-fd6e43dec8 advisory.

    Update to 2.9.0 (CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319, CVE-2022-39320,     CVE-2022-41877 and CVE-2022-39347).

    ----

    Update to 2.8.1 (CVE-2022-39282, CVE-2022-39283).

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-e733724edb advisory.

    Update to 2.8.1 (CVE-2022-39282, CVE-2022-39283).

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5734-1 advisory.

    It was discovered that FreeRDP incorrectly handled certain data lenghts. A malicious server could use this     issue to cause FreeRDP clients to crash, resulting in a denial of service, or possibly obtain sensitive     information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
    (CVE-2022-39282, CVE-2022-39283)

    It was discovered that FreeRDP incorrectly handled certain data lenghts. A malicious server could use this     issue to cause FreeRDP clients to crash, resulting in a denial of service, or possibly obtain sensitive     information. (CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319, CVE-2022-39320)

    It was discovered that FreeRDP incorrectly handled certain path checks. A malicious server could use this     issue to cause FreeRDP clients to read files outside of the shared directory. (CVE-2022-39347)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3984-1 advisory.

  - FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using     `/parallel` command line switch might read uninitialized data and send it to the server the client is     currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1     where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel`     command line switch) as a workaround. (CVE-2022-39282)

  - FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the     `/video` command line switch might read uninitialized data, decode it as audio/video and display the     result. FreeRDP based server implementations are not affected. This issue has been patched in version     2.8.1. If you cannot upgrade do not use the `/video` switch. (CVE-2022-39283)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3983-1 advisory.

  - FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using     `/parallel` command line switch might read uninitialized data and send it to the server the client is     currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1     where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel`     command line switch) as a workaround. (CVE-2022-39282)

  - FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the     `/video` command line switch might read uninitialized data, decode it as audio/video and display the     result. FreeRDP based server implementations are not affected. This issue has been patched in version     2.8.1. If you cannot upgrade do not use the `/video` switch. (CVE-2022-39283)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3982-1 advisory.

  - FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using     `/parallel` command line switch might read uninitialized data and send it to the server the client is     currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1     where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel`     command line switch) as a workaround. (CVE-2022-39282)

  - FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the     `/video` command line switch might read uninitialized data, decode it as audio/video and display the     result. FreeRDP based server implementations are not affected. This issue has been patched in version     2.8.1. If you cannot upgrade do not use the `/video` switch. (CVE-2022-39283)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202210-24 (FreeRDP: Multiple Vulnerabilities)

  - FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license.
    All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input     data. A malicious gateway might allow client memory to be written out of bounds. This issue has been     resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than /gt:rdp connections     if possible or use a direct connection without a gateway. (CVE-2021-41159)

  - FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license.
    In affected versions a malicious server might trigger out of bound writes in a connected client.
    Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0`     width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the     memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not     allocated) region. This issue has been patched in FreeRDP 2.4.1. (CVE-2021-41160)

  - FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN     Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This     issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is     patched in FreeRDP 2.7.0. There are currently no known workarounds. (CVE-2022-24882)

  - FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side     authentication against a `SAM` file might be successful for invalid credentials if the server has     configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations     using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this     issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path     configured is valid and the application has file handles left. (CVE-2022-24883)

  - FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using     `/parallel` command line switch might read uninitialized data and send it to the server the client is     currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1     where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel`     command line switch) as a workaround. (CVE-2022-39282)

  - FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the     `/video` command line switch might read uninitialized data, decode it as audio/video and display the     result. FreeRDP based server implementations are not affected. This issue has been patched in version     2.8.1. If you cannot upgrade do not use the `/video` switch. (CVE-2022-39283)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
211186	Fedora 37 : freerdp (2022-d6310a1308)	Nessus	Fedora Local Security Checks	high
193924	CentOS 9 : freerdp-2.4.1-5.el9	Nessus	CentOS Local Security Checks	high
185962	Debian DLA-3654-1 : freerdp2 - LTS security update	Nessus	Debian Local Security Checks	critical
176314	Oracle Linux 8 : freerdp (ELSA-2023-2851)	Nessus	Oracle Linux Local Security Checks	high
176173	AlmaLinux 8 : freerdp (ALSA-2023:2851)	Nessus	Alma Linux Local Security Checks	high
175905	CentOS 8 : freerdp (CESA-2023:2851)	Nessus	CentOS Local Security Checks	high
175865	RHEL 8 : freerdp (RHSA-2023:2851)	Nessus	Red Hat Local Security Checks	high
175710	Oracle Linux 9 : freerdp (ELSA-2023-2326)	Nessus	Oracle Linux Local Security Checks	high
175639	AlmaLinux 9 : freerdp (ALSA-2023:2326)	Nessus	Alma Linux Local Security Checks	high
175472	RHEL 9 : freerdp (RHSA-2023:2326)	Nessus	Red Hat Local Security Checks	high
171898	FreeBSD : freerdp -- clients using the `/video` command line switch might read uninitialized data (dd271de6-b444-11ed-9268-b42e991fc52e)	Nessus	FreeBSD Local Security Checks	high
171166	EulerOS 2.0 SP8 : freerdp (EulerOS-SA-2023-1313)	Nessus	Huawei Local Security Checks	high
171054	Amazon Linux 2 : (ALAS-2023-1930)	Nessus	Amazon Linux Local Security Checks	high
169196	Fedora 36 : freerdp (2022-fd6e43dec8)	Nessus	Fedora Local Security Checks	high
169084	Fedora 35 : freerdp (2022-e733724edb)	Nessus	Fedora Local Security Checks	high
168146	Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : FreeRDP vulnerabilities (USN-5734-1)	Nessus	Ubuntu Local Security Checks	high
167769	SUSE SLED12 / SLES12 Security Update : freerdp (SUSE-SU-2022:3984-1)	Nessus	SuSE Local Security Checks	high
167735	SUSE SLED15 / SLES15 Security Update : freerdp (SUSE-SU-2022:3983-1)	Nessus	SuSE Local Security Checks	high
167729	SUSE SLED15 / SLES15 Security Update : freerdp (SUSE-SU-2022:3982-1)	Nessus	SuSE Local Security Checks	high
166721	GLSA-202210-24 : FreeRDP: Multiple Vulnerabilities	Nessus	Gentoo Local Security Checks	critical

Detections

Analytics

CVE-2022-39283

high

Tenable Plugins

high

high

critical

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

critical