Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-41160 PoC — Improper region checks in FreeRDP allow out of bound write to memory

Source
https://github.com/Jajangjaman/CVE-2021-41160
Associated Vulnerability
Title:Improper region checks in FreeRDP allow out of bound write to memory (CVE-2021-41160)
Description:FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1.
Description
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of CVE project by @Sn0wAlice
Readme
# CVE-2021-41160

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1.

| authentication | complexity | vector |
| --- | --- | --- |
| NONE | MEDIUM | NETWORK |

| confidentiality | integrity | availability |
| --- | --- | --- |
| PARTIAL | PARTIAL | PARTIAL |

## CVSS Score: **6.8**

## References

* https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7c9r-6r2q-93qg

* https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWJXQOWKNR7O5HM2HFJOM4GBUFPTE3RG/

* https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXCR73EDVPLI6TRWRAWJCJ7OBYDKBB74/

* https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WIZUPVRGCWUDAPDOQVUGUIYUO7UWKMXX/

* https://security.gentoo.org/glsa/202210-24

## Brut File

* [CVE-2021-41160.json](./data_brut.json)



## About this repository
This repository is part of the project [Live Hack CVE](https://github.com/Live-Hack-CVE). Made by [Sn0wAlice](https://github.com/Sn0wAlice) for the people that care about security and need to have a feed of the latest CVEs. Hope you enjoy it, don't forget to star the repo and follow me on [Twitter](https://twitter.com/Sn0wAlice) and [Github](https://github.com/Sn0wAlice)
File Snapshot

 [4.0K]  /data/pocs/c3e7ad08d14f481e39b3fe7015d61783ba6e6aab
├── [5.7K]  data_brut.json
└── [1.7K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →