Bug 1219049 (CVE-2024-22211) - VUL-0: CVE-2024-22211: freerdp: In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow.
Summary: VUL-0: CVE-2024-22211: freerdp: In affected versions an integer overflow in `...
Status: NEW
Alias: CVE-2024-22211
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Minor
Target Milestone: ---
Assignee: Daike Yu
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/391818/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-22211:7.3:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-01-22 04:47 UTC by SMASH SMASH
Modified: 2024-06-18 08:40 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2024-01-22 04:47:48 UTC 
FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and proxy are not affected. A malicious server could prepare a `RDPGFX_RESET_GRAPHICS_PDU` to allocate too small buffers, possibly triggering later out of bound read/write. Data extraction over network is not possible, the buffers are used to display an image. This issue has been addressed in version 2.11.5 and 3.2.0. Users are advised to upgrade. there are no know workarounds for this vulnerability.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-22211
https://github.com/FreeRDP/FreeRDP/commit/939e922936e9c3ae8fc204968645e5e7563a2fff
https://github.com/FreeRDP/FreeRDP/commit/aeac3040cc99eeaff1e1171a822114c857b9dca9
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rjhp-44rv-7v59
https://www.cve.org/CVERecord?id=CVE-2024-22211
Comment 4 Maintenance Automation 2024-02-28 12:30:01 UTC 
SUSE-SU-2024:0649-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1219049
CVE References: CVE-2024-22211
Sources used:
openSUSE Leap 15.4 (src): freerdp-2.4.0-150400.3.26.1
openSUSE Leap 15.5 (src): freerdp-2.4.0-150400.3.26.1
SUSE Package Hub 15 15-SP5 (src): freerdp-2.4.0-150400.3.26.1
SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): freerdp-2.4.0-150400.3.26.1
SUSE Linux Enterprise Workstation Extension 15 SP5 (src): freerdp-2.4.0-150400.3.26.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 5 Maintenance Automation 2024-02-28 12:30:03 UTC 
SUSE-SU-2024:0648-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1219049
CVE References: CVE-2024-22211
Sources used:
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): freerdp-2.1.2-12.41.1
SUSE Linux Enterprise Workstation Extension 12 12-SP5 (src): freerdp-2.1.2-12.41.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 6 Manfred Schwarb 2024-03-02 23:47:37 UTC 
This fixes https://bugzilla.opensuse.org/show_bug.cgi?id=1218274