CVE-2022-39318 MEDIUM

CVE-2022-39318: Division by zero in urbdrc channel in FreeRDP

Vendor Freerdp

Product FreeRDP

Weakness CWE-20 · Input validation

Published November 16, 2022

Last update November 3, 2025

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction Required

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input validation in `urbdrc` channel. A malicious server can trick a FreeRDP based client to crash with division by zero. This issue has been addressed in version 2.9.0. All users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.

Key dates

02Disclosure timeline

November 16, 2022 CVE published

November 3, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-39318 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

CVE-2022-39318: Division by zero in urbdrc channel in FreeRDP

01Description

02Disclosure timeline

03References

04Related CVE