CVE-2022-39282

Published: Oct 12, 2022Modified: Nov 3, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel` command line switch) as a workaround.

Affected (4)

Products: Freerdp: Freerdp · Fedoraproject: Fedora

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Freerdp Freerdp	Before 2.8.1

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 35
Fedoraproject Fedora	Version 36
Fedoraproject Fedora	Version 37

Related CWEs

Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

References (15)

https://github.com/FreeRDP/FreeRDP/releases/tag/2.8.1

Source: security-advisories@github.com

Release Notes

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c45q-wcpg-mxjq

Source: security-advisories@github.com

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html

Source: security-advisories@github.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEWWYMGWIMD4RDCOGHWMZXUMBGZHC5NW/

Source: security-advisories@github.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLZCF7YHNC5BECDPEJNAZUYGNNM7NFME/

Source: security-advisories@github.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/

Source: security-advisories@github.com

https://security.gentoo.org/glsa/202210-24

Source: security-advisories@github.com

Issue Tracking

https://github.com/FreeRDP/FreeRDP/releases/tag/2.8.1

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c45q-wcpg-mxjq

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2025/02/msg00016.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEWWYMGWIMD4RDCOGHWMZXUMBGZHC5NW/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLZCF7YHNC5BECDPEJNAZUYGNNM7NFME/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/202210-24

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

Timeline

No history available yet.