| Severity |
|
| Remote |
|
| Type |
| - |
Unknown |
| + |
Arbitrary code execution |
|
| Description |
| + |
A security issue has been found in FreeRDP before version 2.4.1. Improper client input validation for gateway connections (/gt:rpc) allows a malicious gateway to overwrite client memory. |
|
| References |
| + |
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vh34-m9h7-95xq |
| + |
https://github.com/FreeRDP/FreeRDP/commit/07b789c88010766c230c8f10ac748523b86e9305 |
|
| Notes |
| + |
Workaround |
| + |
========== |
| + |
|
| + |
The issue can be mitigated by using a /gt:http connection or a direct connection without gateway. |
|