How severe is CVE-2022-39320?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2022-39320?

This is classified as CWE-125, which is a common weakness in software security.

CVE-2022-39320 - MEDIUM Severity | CVSS 4.6

Vulnerability Description

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP may attempt integer addition on too narrow types leads to allocation of a buffer too small holding the data written. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.

Related Vulnerabilities

CVE-2018-14780

MEDIUM

CVSS:4.6(Medium)

An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`: {% highlight c %} if(sw =...

CWE-1252018

CVE-2018-19985

MEDIUM

CVSS:4.6(Medium)

The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-o...

CWE-1252018

CVE-2021-1897

MEDIUM

CVSS:4.6(Medium)

Possible Buffer Over-read due to lack of validation of boundary checks when loading splash image in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Sna...

CWE-1252021

CVE-2021-1898

MEDIUM

CVSS:4.6(Medium)

Possible buffer over-read due to incorrect overflow check when loading splash image in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Weara...

CWE-1252021

CVE-2021-1899

MEDIUM

CVSS:4.6(Medium)

Possible buffer over read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

CWE-1252021

CVE-2021-1901

MEDIUM

CVSS:4.6(Medium)

Possible buffer over-read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearable...

CWE-1252021