{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T15:55:29.260","vulnerabilities":[{"cve":{"id":"CVE-2023-39351","sourceIdentifier":"security-advisories@github.com","published":"2023-08-31T20:15:08.280","lastModified":"2025-11-03T21:15:58.483","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to a Null Pointer Dereference leading a crash in the RemoteFX (rfx) handling.  Inside the `rfx_process_message_tileset` function, the program allocates tiles using `rfx_allocate_tiles` for the number of numTiles. If the initialization process of tiles is not completed for various reasons, tiles will have a NULL pointer. Which may be accessed in further processing and would cause a program crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability."},{"lang":"es","value":"FreeRDP es una implementación gratuita del Protocolo de Escritorio Remoto (RDP), publicado bajo la licencia Apache. Las versiones afectadas de FreeRDP están sujetas a una desreferencia de puntero nulo que provoca un fallo en el manejo de RemoteFX (rfx). Dentro de la función 'rfx_process_message_tileset', el programa asigna mosaicos utilizando 'rfx_allocate_tiles' para el número de numTiles. Si el proceso de inicialización de los mosaicos no se completa por varias razones, los mosaicos tendrán un puntero NULL. El cual podría ser accedido en un procesamiento posterior y causaría un fallo del programa. Este problema ha sido abordado en las versiones 2.11.0 y 3.0.0-beta3. Se aconseja a los usuarios que actualicen. No existen soluciones alternativas conocidas para esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.11.0","matchCriteriaId":"80B02150-FC4E-43F5-A3DF-D8E585200977"},{"vulnerable":true,"criteria":"cpe:2.3:a:freerdp:freerdp:3.0.0:beta1:*:*:*:*:*:*","matchCriteriaId":"D8720D61-0B0D-40ED-B3C4-B452D83BF3C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:freerdp:freerdp:3.0.0:beta2:*:*:*:*:*:*","matchCriteriaId":"18A75D02-0E7A-4AAF-8E23-0CDCB1733FEA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","matchCriteriaId":"E30D0E6F-4AE8-4284-8716-991DFA48CC5D"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*","matchCriteriaId":"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*","matchCriteriaId":"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"}]}]}],"references":[{"url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q9x9-cqjc-rgwq","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/","source":"security-advisories@github.com","tags":["Mailing List"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/","source":"security-advisories@github.com","tags":["Mailing List"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/","source":"security-advisories@github.com","tags":["Mailing List"]},{"url":"https://security.gentoo.org/glsa/202401-16","source":"security-advisories@github.com"},{"url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q9x9-cqjc-rgwq","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00016.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://security.gentoo.org/glsa/202401-16","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}