CVE-2023-40569: 
NixOS vulnerability analysis and mitigation

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. A vulnerability identified as CVE-2023-40569 was discovered affecting versions up to 2.10.0 and 3.0.0-beta2. The vulnerability is an Out-Of-Bounds Write in the progressive_decompress function, caused by incorrect calculations of the nXSrc and nYSrc variables (GitHub Advisory).

The vulnerability exists in the progressive_decompress function within libfreerdp/codec/progressive.c. The issue stems from incorrect calculations of nXSrc and nYSrc variables, which can lead to an out-of-bounds write condition. The vulnerability has been assigned a CVSS v3.1 Base Score of 9.8 CRITICAL by NIST NVD, with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability affects FreeRDP-based clients only, while FreeRDP proxy is not affected as image decoding is not performed by the proxy. When exploited, this vulnerability can lead to out-of-bounds write operations, potentially resulting in program crashes or arbitrary code execution (GitHub Advisory).

The vulnerability has been fixed in FreeRDP versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade to these or later versions. There are no known workarounds for this vulnerability other than upgrading to a patched version (Debian LTS).

Multiple Linux distributions have responded to this vulnerability by releasing security updates, including Debian, Fedora, and Gentoo. Fedora has released version 2.11.1-1 for Fedora 37, 38, and 39 to address this and other vulnerabilities (Fedora Update).