FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP-based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and connect to servers using the NSC codec are vulnerable to an integer underflow. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use the NSC codec (e.g. use -nsc).
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Freerdp | Freerdp | * | 2.11.6 (excluding) |
| Freerdp | Freerdp | 3.0.0 (including) | 3.5.0 (excluding) |
| Red Hat Enterprise Linux 9 | RedHat | freerdp-2:2.11.7-1.el9 | * |
| Freerdp2 | Ubuntu | esm-apps/noble | * |
| Freerdp2 | Ubuntu | esm-infra/focal | * |
| Freerdp2 | Ubuntu | focal | * |
| Freerdp2 | Ubuntu | jammy | * |
| Freerdp2 | Ubuntu | mantic | * |
| Freerdp2 | Ubuntu | noble | * |
| Freerdp2 | Ubuntu | oracular | * |
| Freerdp2 | Ubuntu | upstream | * |
| Freerdp3 | Ubuntu | devel | * |
| Freerdp3 | Ubuntu | noble | * |
| Freerdp3 | Ubuntu | oracular | * |
| Freerdp3 | Ubuntu | plucky | * |
| Freerdp3 | Ubuntu | questing | * |
| Freerdp3 | Ubuntu | upstream | * |
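
The two upstream ranges in the table can be checked mechanically during triage. The following is an added example, not code from FreeRDP or from this advisory: it classifies collected version strings against those ranges. The function names, host names and sample strings are constructed for illustration, and it assumes upstream version numbering, so distribution packages that backport the fix must be checked against the distribution's own fixed package version instead.

```python
import re

# Affected upstream ranges from the table above: (inclusive lower, exclusive upper).
AFFECTED = [((0, 0, 0), (2, 11, 6)), ((3, 0, 0), (3, 5, 0))]

# First X.Y.Z triple that is not the tail of a longer dotted number.
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first X.Y.Z triple in text as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text):
    """Return 'affected', 'not affected' or 'unknown' for a version string."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # unparsable input goes to manual review
    if any(low <= version < high for low, high in AFFECTED):
        return "affected"
    return "not affected"


def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(banner) for host, banner in inventory}


# Constructed inventory (host, collected version string); not real data.
SAMPLE = [
    ("ws-01", "This is FreeRDP version 2.11.5"),
    ("ws-02", "2.11.6"),
    ("ws-03", "3.4.0"),
    ("ws-04", "3.5.0"),
    ("ws-05", "version string missing"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `affected` that cannot be upgraded immediately are the ones where the NSC workaround above applies.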