CVE-2021-41160

NameCVE-2021-41160
DescriptionFreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3654-1, DLA-4053-1
Debian Bugs1001062

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
freerdp2 (PTS)bullseye2.3.0+dfsg1-2+deb11u1vulnerable
bullseye (security)2.3.0+dfsg1-2+deb11u3fixed
bookworm2.10.0+dfsg1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
freerdpsource(unstable)(unfixed)
freerdp2sourcebuster2.3.0+dfsg1-2+deb10u4DLA-3654-1
freerdp2sourcebullseye2.3.0+dfsg1-2+deb11u2DLA-4053-1
freerdp2source(unstable)2.4.1+dfsg1-11001062

Notes

[stretch] - freerdp <no-dsa> (Minor issue)
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7c9r-6r2q-93qg
https://github.com/FreeRDP/FreeRDP/pull/7349
https://github.com/FreeRDP/FreeRDP/commit/217e0caa181fc1690cf84dd6a3ba1a4f90c02692
Search for package or bug name: Reporting problems