Cyber Resilience

CVE-2021-41160

Medium

Published: 21 October 2021

Published
21 October 2021
Modified
03 November 2025
KEV Added
Patch
CVSS Score v3.1 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N
EPSS Score 0.0011 29.7th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-41160 is a medium-severity Out-of-bounds Write (CWE-787) vulnerability in Fedoraproject Fedora. Its CVSS base score is 5.3 (Medium).

Operationally, ranked at the 29.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics…

more

updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

freerdp
freerdp
≤ 2.4.1
fedoraproject
fedora
33, 34, 35

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-787

Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.

References