Bug 1214858 (CVE-2023-39352) - VUL-0: CVE-2023-39352: freerdp: Invalid offset validation leading to Out Of Bound Write
Summary: VUL-0: CVE-2023-39352: freerdp: Invalid offset validation leading to Out Of B...
Status: RESOLVED FIXED
Alias: CVE-2023-39352
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/376901/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-39352:5.3:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2023-09-01 06:17 UTC by Alexander Bergmann
Modified: 2024-06-26 10:32 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2023-09-01 06:17:16 UTC
CVE-2023-39352

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released
under the Apache license. Affected versions are subject to an invalid offset
validation leading to Out Of Bound Write. This can be triggered when the values
`rect->left` and `rect->top` are exactly equal to `surface->width` and 
`surface->height`. eg. `rect->left` == `surface->width` && `rect->top` ==
`surface->height`. In practice this should cause a crash. This issue has been
addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade.
There are no known workarounds for this vulnerability.


References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39352
https://www.cve.org/CVERecord?id=CVE-2023-39352
https://github.com/FreeRDP/FreeRDP/blob/63a2f65618748c12f79ff7450d46c6e194f2db76/libfreerdp/gdi/gfx.c#L1219-L1239
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-whwr-qcf2-2mvj
Comment 1 Cathy Hu 2023-09-29 07:19:05 UTC
Any updates here? our tools still show these as affected:
- SUSE:SLE-12-SP2:Update/freerdp
- SUSE:SLE-15-SP4:Update/freerdp
Comment 6 Maintenance Automation 2023-11-29 16:30:09 UTC
SUSE-SU-2023:4611-1: An update that solves 15 vulnerabilities can now be installed.

Category: security (moderate)
Bug References: 1214856, 1214857, 1214858, 1214859, 1214860, 1214862, 1214863, 1214864, 1214866, 1214867, 1214868, 1214869, 1214870, 1214871, 1214872
CVE References: CVE-2023-39350, CVE-2023-39351, CVE-2023-39352, CVE-2023-39353, CVE-2023-39354, CVE-2023-39356, CVE-2023-40181, CVE-2023-40186, CVE-2023-40188, CVE-2023-40567, CVE-2023-40569, CVE-2023-40574, CVE-2023-40575, CVE-2023-40576, CVE-2023-40589
Sources used:
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): freerdp-2.1.2-12.38.1
SUSE Linux Enterprise Workstation Extension 12 12-SP5 (src): freerdp-2.1.2-12.38.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Maintenance Automation 2023-12-18 16:30:01 UTC
SUSE-SU-2023:4893-1: An update that solves 15 vulnerabilities can now be installed.

Category: security (moderate)
Bug References: 1214856, 1214857, 1214858, 1214859, 1214860, 1214862, 1214863, 1214864, 1214866, 1214867, 1214868, 1214869, 1214870, 1214871, 1214872
CVE References: CVE-2023-39350, CVE-2023-39351, CVE-2023-39352, CVE-2023-39353, CVE-2023-39354, CVE-2023-39356, CVE-2023-40181, CVE-2023-40186, CVE-2023-40188, CVE-2023-40567, CVE-2023-40569, CVE-2023-40574, CVE-2023-40575, CVE-2023-40576, CVE-2023-40589
Sources used:
openSUSE Leap 15.4 (src): freerdp-2.4.0-150400.3.23.1
openSUSE Leap 15.5 (src): freerdp-2.4.0-150400.3.23.1
SUSE Package Hub 15 15-SP4 (src): freerdp-2.4.0-150400.3.23.1
SUSE Package Hub 15 15-SP5 (src): freerdp-2.4.0-150400.3.23.1
SUSE Linux Enterprise Workstation Extension 15 SP4 (src): freerdp-2.4.0-150400.3.23.1
SUSE Linux Enterprise Workstation Extension 15 SP5 (src): freerdp-2.4.0-150400.3.23.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Carlos López 2024-05-28 11:55:35 UTC
Done, closing.