Use of Uninitialized Resource Affecting freerdp/freerdp package, versions [,2.8.1)


Severity: medium (CVSS assessment made by Snyk's Security Team)

Threat Intelligence: EPSS 0.2% (59th percentile)

  • Snyk ID: SNYK-UNMANAGED-FREERDPFREERDP-3043108
  • Published: 13 Oct 2022
  • Disclosed: 13 Oct 2022
  • Credit: BT5

Introduced: 13 Oct 2022

CVE-2022-39282
CWE-908

How to fix?

Upgrade freerdp/freerdp to version 2.8.1 or higher.

Overview

Affected versions of this package are vulnerable to Use of Uninitialized Resource on Unix systems when the /parallel command line switch is used: the client reads uninitialized data and sends it to the server it is currently connected to.

Note: FreeRDP-based server implementations are not affected.
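To illustrate the bug class the advisory names (CWE-908) in a device-read-and-forward path like parallel port redirection, here is a constructed example that is not FreeRDP's code: a short device read is assumed as the trigger, and the function and device names are invented for the demonstration. The vulnerable routine forwards the whole requested length regardless of what the read returned; the hardened one zero-initialises the buffer and forwards only the bytes actually read.

```c
/* Constructed CWE-908 illustration (not FreeRDP code). The fault model,
 * a device read returning fewer bytes than requested, is an assumption. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define PP_MAX 64

/* Stand-in for a redirected-device read: returns bytes read or -1. */
typedef int (*dev_read_fn)(uint8_t *buf, size_t len);

/* Simulated device that only ever delivers 4 bytes. */
static int short_device_read(uint8_t *buf, size_t len)
{
    const uint8_t data[4] = { 'p', 'r', 'n', '!' };
    size_t n = len < 4 ? len : 4;
    memcpy(buf, data, n);
    return (int)n;
}

/* What "the server" receives; inspected via sent_byte() below. */
static uint8_t sent[PP_MAX];
static uint8_t sent_byte(size_t i) { return i < PP_MAX ? sent[i] : 0; }

/* Vulnerable pattern: the read result is ignored and the full requested
 * length is forwarded, so bytes the device never wrote go on the wire.
 * 0xAA stands in for stale memory so the outcome is deterministic. */
static size_t forward_vulnerable(dev_read_fn rd, size_t req)
{
    uint8_t buf[PP_MAX];
    if (req > PP_MAX) req = PP_MAX;
    memset(buf, 0xAA, sizeof buf);   /* simulated uninitialised contents */
    (void)rd(buf, req);              /* return value discarded: the bug */
    memcpy(sent, buf, req);
    return req;
}

/* Hardened pattern: zero-initialised buffer, and forward exactly the bytes
 * the read produced; a failed read forwards nothing. */
static size_t forward_fixed(dev_read_fn rd, size_t req)
{
    uint8_t buf[PP_MAX] = { 0 };
    if (req > PP_MAX) req = PP_MAX;
    int n = rd(buf, req);
    if (n < 0) return 0;
    memcpy(sent, buf, (size_t)n);
    return (size_t)n;
}
```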

Workaround

Users who are unable to upgrade should not use parallel port redirection (the /parallel command line switch).

CVSS Base Scores (version 3.1)