akallabeth

49 exploits Active since May 2020
CVE-2022-39316 WRITEUP MEDIUM WRITEUP
Freerdp < 2.9.0 - Out-of-Bounds Read
FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash. This issue has been addressed in the 2.9.0 release. Users are advised to upgrade.
CVSS 4.8
CVE-2022-39318 WRITEUP MEDIUM WRITEUP
Freerdp < 2.9.0 - Divide By Zero
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input validation in `urbdrc` channel. A malicious server can trick a FreeRDP based client to crash with division by zero. This issue has been addressed in version 2.9.0. All users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.
CVSS 4.8
CVE-2022-39319 WRITEUP MEDIUM WRITEUP
Freerdp < 2.9.0 - Out-of-Bounds Read
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in the `urbdrc` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.
CVSS 4.6
CVE-2022-39347 WRITEUP LOW WRITEUP
Freerdp < 2.9.0 - Path Traversal
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for `drive` channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/drive`, `/drives` or `+home-drive` redirection switch.
CVSS 2.6
CVE-2022-41877 WRITEUP MEDIUM WRITEUP
FreeRDP <2.9.0 - Buffer Overflow
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in `drive` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the drive redirection channel - command line options `/drive`, `+drives` or `+home-drive`.
CVSS 4.6
CVE-2023-39354 WRITEUP MEDIUM WRITEUP
Freerdp < 2.11.0 - Out-of-Bounds Read
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context->Planes` without checking if it contains data of sufficient length. Should an attacker be able to leverage this vulnerability they may be able to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 5.9
CVE-2024-32658 WRITEUP CRITICAL WRITEUP
Freerdp < 2.11.7 - Out-of-Bounds Read
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
CVSS 9.8
CVE-2024-32659 WRITEUP CRITICAL WRITEUP
Freerdp < 2.11.7 - Out-of-Bounds Read
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
CVSS 9.8
CVE-2024-32660 WRITEUP HIGH WRITEUP
Freerdp < 2.11.7 - Resource Allocation Without Limits
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
CVSS 7.5
CVE-2024-32661 WRITEUP HIGH WRITEUP
Freerdp < 3.5.1 - NULL Pointer Dereference
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
CVSS 7.5
CVE-2024-32662 WRITEUP HIGH WRITEUP
Freerdp < 3.5.1 - Out-of-Bounds Read
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. This occurs when `WCHAR` string is read with twice the size it has and converted to `UTF-8`, `base64` decoded. The string is only used to compare against the redirection server certificate. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
CVSS 7.5
CVE-2025-68118 WRITEUP CRITICAL WRITEUP
Freerdp < 3.20.0 - Out-of-Bounds Read
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.0, a vulnerability exists in FreeRDP’s certificate handling code on Windows platforms. The function `freerdp_certificate_data_hash_ uses` the Microsoft-specific `_snprintf` function to format certificate cache filenames without guaranteeing NUL termination when truncation occurs. According to Microsoft documentation, `_snprintf` does not append a terminating NUL byte if the formatted output exceeds the destination buffer size. If an attacker controls the hostname value (for example via server redirection or a crafted .rdp file), the resulting filename buffer may not be NUL-terminated. Subsequent string operations performed on this buffer may read beyond the allocated memory region, resulting in a heap-based out-of-bounds read. In default configurations, the connection is typically terminated before sensitive data can be meaningfully exposed, but unintended memory read or a client crash may still occur under certain conditions. Version 3.20.0 has a patch for the issue.
CVSS 9.1
CVE-2026-23948 WRITEUP HIGH WRITEUP
FreeRDP <3.22.0 - Buffer Overflow
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdp_write_logon_info_v2() allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0. This vulnerability is fixed in 3.22.0.
CVSS 7.5
CVE-2026-24491 WRITEUP HIGH WRITEUP
FreeRDP <3.22.0 - Use After Free
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, video_timer can send client notifications after the control channel is closed, dereferencing a freed callback and triggering a use after free. This vulnerability is fixed in 3.22.0.
CVSS 7.5
CVE-2026-24675 WRITEUP HIGH WRITEUP
FreeRDP <3.22.0 - Use After Free
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, urb_select_interface can free the device's MS config on error but later code still dereferences it, leading to a use after free in libusb_udev_select_interface. This vulnerability is fixed in 3.22.0.
CVSS 7.5
CVE-2026-24676 WRITEUP HIGH WRITEUP
FreeRDP <3.22.0 - Use After Free
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, AUDIN format renegotiation frees the active format list while the capture thread continues using audin->format, leading to a use after free in audio_format_compatible. This vulnerability is fixed in 3.22.0.
CVSS 7.5
CVE-2026-24677 WRITEUP CRITICAL WRITEUP
FreeRDP <3.22.0 - Memory Corruption
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, ecam_encoder_compress_h264 trusts server-controlled dimensions and does not validate the source buffer size, leading to an out-of-bounds read in sws_scale. This vulnerability is fixed in 3.22.0.
CVSS 9.1
CVE-2026-24678 WRITEUP HIGH WRITEUP
Freerdp < 3.22.0 - Use After Free
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, A capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use after free in ecam_channel_write. This vulnerability is fixed in 3.22.0.
CVSS 7.5
CVE-2026-24679 WRITEUP CRITICAL WRITEUP
Freerdp < 3.22.0 - Heap Buffer Overflow
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, The URBDRC client uses server-supplied interface numbers as array indices without bounds checks, causing an out-of-bounds read in libusb_udev_select_interface. This vulnerability is fixed in 3.22.0.
CVSS 9.1
CVE-2026-24680 WRITEUP HIGH WRITEUP
Freerdp < 3.22.0 - Use After Free
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, sdl_Pointer_New frees data on failure, then pointer_free calls sdl_Pointer_Free and frees it again, triggering ASan UAF. This vulnerability is fixed in 3.22.0.
CVSS 7.5
CVE-2026-24681 WRITEUP HIGH WRITEUP
Freerdp < 3.22.0 - Use After Free
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, aAsynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use after free in urb_write_completion. This vulnerability is fixed in 3.22.0.
CVSS 7.5
CVE-2026-24682 WRITEUP HIGH WRITEUP
Freerdp < 3.22.0 - Heap Buffer Overflow
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audin_server_recv_formats frees an incorrect number of audio formats on parse failure (i + i), leading to out-of-bounds access in audio_formats_free. This vulnerability is fixed in 3.22.0.
CVSS 7.5
CVE-2026-24683 WRITEUP HIGH WRITEUP
Freerdp < 3.22.0 - Use After Free
FreeRDP is a free implementation of the Remote Desktop Protocol. ainput_send_input_event caches channel_callback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free. Prior to 3.22.0, This vulnerability is fixed in 3.22.0.
CVSS 7.5
CVE-2026-24684 WRITEUP HIGH WRITEUP
Freerdp < 3.22.0 - Use After Free
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsnd_treat_wave. This vulnerability is fixed in 3.22.0.
CVSS 7.5