{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-41159", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "dateUpdated": "2024-08-04T02:59:31.631Z", "dateReserved": "2021-09-15T00:00:00.000Z", "datePublished": "2021-10-21T00:00:00.000Z"}, "containers": {"cna": {"title": "Improper client input validation for FreeRDP gateway connections allows to overwrite memory", "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-10-31T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than /gt:rdp connections if possible or use a direct connection without a gateway."}], "affected": [{"vendor": "FreeRDP", "product": "FreeRDP", "versions": [{"version": "< 2.4.1", "status": "affected"}]}], "references": [{"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vh34-m9h7-95xq"}, {"name": "FEDORA-2021-2c25f03d0b", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWJXQOWKNR7O5HM2HFJOM4GBUFPTE3RG/"}, {"name": "GLSA-202210-24", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202210-24"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-787: Out-of-bounds Write", "cweId": "CWE-787"}]}], "source": {"advisory": "GHSA-vh34-m9h7-95xq", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T02:59:31.631Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vh34-m9h7-95xq", "tags": ["x_transferred"]}, {"name": "FEDORA-2021-2c25f03d0b", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWJXQOWKNR7O5HM2HFJOM4GBUFPTE3RG/"}, {"name": "GLSA-202210-24", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202210-24"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*", "matchCriteriaId": "41597AE5-E68B-4677-9549-368C63ACA45E", "versionEndExcluding": "2.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than /gt:rdp connections if possible or use a direct connection without a gateway."}, {"lang": "es", "value": "FreeRDP es una implementaci\u00f3n libre del Protocolo de Escritorio Remoto (RDP), publicada bajo la licencia Apache. Todos los clientes de FreeRDP versiones anteriores a 2.4.1, que usaban conexiones de puerta de enlace (\"/gt:rpc\") no comprueban los datos de entrada. Una puerta de enlace maliciosa podr\u00eda permitir que la memoria del cliente se escribiera fuera de l\u00edmites. Este problema se ha resuelto en la versi\u00f3n 2.4.1. Si no puede actualizar, use conexiones \"/gt:http\" en lugar de /gt:rdp si es posible o use una conexi\u00f3n directa sin puerta de enlace"}], "id": "CVE-2021-41159", "lastModified": "2024-11-21T06:25:37.730", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-21T19:15:07.797", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vh34-m9h7-95xq"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWJXQOWKNR7O5HM2HFJOM4GBUFPTE3RG/"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202210-24"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vh34-m9h7-95xq"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWJXQOWKNR7O5HM2HFJOM4GBUFPTE3RG/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202210-24"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2021:4619", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "freerdp-0:2.1.1-5.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4622", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "freerdp-2:2.2.0-7.el8_5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4620", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "freerdp-2:2.0.0-46.rc4.el8_1.5", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4621", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "freerdp-2:2.0.0-46.rc4.el8_2.5", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4623", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "freerdp-2:2.2.0-6.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2021-11-11T00:00:00Z"}], "bugzilla": {"description": "freerdp: improper client input validation for gateway connections allows to overwrite memory", "id": "2016403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016403"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-787", "details": ["FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than /gt:rdp connections if possible or use a direct connection without a gateway.", "A flaw was found in the FreeRDP client when it fails to validate input data when using gateway connections. This flaw could allow a malicious gateway to send a specially crafted input to a client leading to an out of bounds write in client memory. The highest threat from this flaw is that it could allow arbitrary code to be executed on the target system."], "name": "CVE-2021-41159", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "freerdp", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "freerdp", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-10-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-41159\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-41159"], "threat_severity": "Important"}

{}