Untriaged
CVE-2025-4478
7.1 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): LOW
- Availability impact (A): HIGH
gnome-remote-desktop: unauthenticated RDP packet causes segfault in gnome-remote-desktop leading to denial of service
A flaw was found in gnome-remote-desktop, as used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. The crash leaves the service defunct, resulting in a denial of service. The issue occurs pre-boot and is likely due to a NULL pointer dereference. A reboot is required to recover the system.
References
- https://access.redhat.com/security/cve/CVE-2025-4478 x_refsource_REDHAT vdb-entry
- RHBZ#2365232 issue-tracking x_refsource_REDHAT
- RHSA-2025:9307 x_refsource_REDHAT vendor-advisory
- https://github.com/FreeRDP/FreeRDP/pull/11573
Affected products
freerdp
- <3.16.0
- *
gnome-remote-desktop
Matching in nixpkgs
pkgs.gnome-remote-desktop
GNOME Remote Desktop server
- nixos-unstable -
- nixpkgs-unstable 48.1
Package maintainers
- @hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
- @jtojnar Jan Tojnar <jtojnar@gmail.com>
- @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
- @bobby285271 Bobby Rong <rjl931189261@126.com>