CVE-2020-11019 — Out-of-bounds Read in Freerdp

CWE-125 — Out-of-bounds Read8 documents6 sources

Severity

6.5MEDIUMNVD

CNA4.3

EPSS

0.4%

top 40.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freerdp Debian Linux Opensuse Leap

Timeline

PublishedMay 29

Latest updateJun 17

Description

In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDfreerdp/freerdp< 2.1.0

▶CVEListV5freerdp/freerdp2.0.0

▶NVDopensuse/leap15.1

Also affects: Debian Linux 10.0

🔴Vulnerability Details

CVEList

Out of bound read in update_recv in FreeRDP↗2020-05-29

▶

OSV

CVE-2020-11019: In FreeRDP less than or equal to 2↗2020-05-29

▶

📋Vendor Advisories

Red Hat

freerdp: Out of bound read in update_recv could result in a crash↗2020-04-09

▶

Debian

CVE-2020-11019: freerdp2 - In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TR...↗2020

▶

💬Community

Bugzilla

CVE-2020-11019 freerdp: Out of bound read in update_recv could result in a crash↗2020-06-17

▶

Bugzilla

CVE-2020-11019 freerdp1.2: freerdp: Out of bound read in update_recv could result in a crash [fedora-all]↗2020-06-17

▶

Bugzilla

CVE-2020-11019 freerdp: Out of bound read in update_recv could result in a crash [fedora-all]↗2020-06-17

▶