CVE-2023-40589

Published: Aug 31, 2023Modified: Jun 17, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.

Affected (7)

Products: Freerdp: Freerdp · Fedoraproject: Fedora · Debian: Debian Linux

1 product

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Freerdp Freerdp	Before 2.11.0
Freerdp Freerdp	Version 3.0.0 beta1
Freerdp Freerdp	Version 3.0.0 beta2

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 37
Fedoraproject Fedora	Version 38
Fedoraproject Fedora	Version 39

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (15)

https://github.com/FreeRDP/FreeRDP/commit/16141a30f983dd6f7a6e5b0356084171942c9416

Source: security-advisories@github.com

Patch

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gc34-mw6m-g42x

Source: security-advisories@github.com

ExploitVendor Advisory

https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html

Source: security-advisories@github.com

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/

Source: security-advisories@github.com

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/

Source: security-advisories@github.com

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/

Source: security-advisories@github.com

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/202401-16

Source: security-advisories@github.com

https://github.com/FreeRDP/FreeRDP/commit/16141a30f983dd6f7a6e5b0356084171942c9416

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gc34-mw6m-g42x

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2025/02/msg00016.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/202401-16

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.