安全公告/【CVE-2023-40186】

基本信息

漏洞名称:
受影响操作系统:Asianux
危险等级:超危
影响源码包:freerdp
CVSS评分:9.8
发现日期:2023-09-26
修复版本:freerdp-2.11.1-1

漏洞描述

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the `gdi_CreateSurface` function. This issue affects FreeRDP based clients only. FreeRDP proxies are not affected as image decoding is not done by a proxy. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.

修复方式

yum update PackageName

漏洞判定

执行命令yum info PackageName获取软件包版本号,版本小于修复版本,则受此漏洞影响,版本大于等于修复版本,则此漏洞已修复

补丁

参考

https://gitee.com/src-openeuler/freerdp/issues/I7XN66
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40186
https://nvd.nist.gov/vuln/detail/CVE-2023-40186