CVE-2021-37594: 
NixOS vulnerability analysis and mitigation

In FreeRDP before version 2.4.0 on Windows, a vulnerability was identified in the wfcliprdrserverfilecontentsrequest function within client/Windows/wfcliprdr.c. The issue stems from missing input checks for a FILECONTENTS_SIZE File Contents Request PDU. This vulnerability was assigned CVE-2021-37594 and was discovered in July 2021 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The issue is classified as CWE-20 (Improper Input Validation). The vulnerability specifically affects the file contents request handling in the Windows client implementation of FreeRDP (NVD).

Given the CRITICAL CVSS score of 9.8, this vulnerability could potentially allow attackers to execute unauthorized actions with significant impact on the confidentiality, integrity, and availability of the affected systems. The vulnerability affects Windows systems running FreeRDP versions prior to 2.4.0 (NVD).

The vulnerability has been fixed in FreeRDP version 2.4.0. The fix includes additional input validation checks for file contents requests. Users are advised to upgrade to version 2.4.0 or later to address this security issue (FreeRDP Commit).