CVE-2023-39350

Name	CVE-2023-39350
Description	FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-3606-1
Debian Bugs	1051638

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
freerdp2 (PTS)	bullseye	2.3.0+dfsg1-2+deb11u1	vulnerable
	bookworm	2.10.0+dfsg1-1	vulnerable
	sid, trixie	2.11.7+dfsg1-4	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
freerdp2	source	buster	2.3.0+dfsg1-2+deb10u3		DLA-3606-1
freerdp2	source	(unstable)	2.11.2+dfsg1-1			1051638

Notes

[bookworm] - freerdp2 <no-dsa> (Minor issue)
[bullseye] - freerdp2 <no-dsa> (Minor issue)
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rrrv-3w42-pffh
https://github.com/FreeRDP/FreeRDP/commit/7ece410ce5b5660b9191e1ccb6835158afa11822 (2.11.0)
Introduced by: https://github.com/FreeRDP/FreeRDP/commit/579a13b054c306de36a24621763729ebf01797d3 (2.0.0)