CVE-2020-11018 — Out-of-bounds Read in Freerdp

CWE-125 — Out-of-bounds Read8 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 55.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freerdp Debian Linux Opensuse Leap

Timeline

PublishedMay 29

Latest updateJun 17

Description

In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. This has been fixed in 2.1.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5freerdp/freerdp2.0.0

▶NVDfreerdp/freerdp2.0.0

▶NVDopensuse/leap15.1

Also affects: Debian Linux 10.0

🔴Vulnerability Details

OSV

CVE-2020-11018: In FreeRDP less than or equal to 2↗2020-05-29

▶

CVEList

Out of bound read in cliprdr_server_receive_capabilities in FreeRDP↗2020-05-29

▶

📋Vendor Advisories

Red Hat

freerdp: Out of bound read in cliprdr_server_receive_capabilities↗2020-04-09

▶

Debian

CVE-2020-11018: freerdp2 - In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerabi...↗2020

▶

💬Community

Bugzilla

CVE-2020-11018 freerdp1.2: freerdp: Out of bound read in cliprdr_server_receive_capabilities [fedora-all]↗2020-06-17

▶

Bugzilla

CVE-2020-11018 freerdp: Out of bound read in cliprdr_server_receive_capabilities↗2020-06-17

▶

Bugzilla

CVE-2020-11018 freerdp: Out of bound read in cliprdr_server_receive_capabilities [fedora-all]↗2020-06-17

▶