CVE-2020-11040 — Out-of-bounds Read in Freerdp

CWE-125 — Out-of-bounds Read8 documents6 sources

Severity

2.7LOWNVD

CNA2.2

EPSS

0.1%

top 69.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freerdp Debian Linux Opensuse Leap

Timeline

PublishedMay 29

Latest updateJun 17

Description

In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color. This has been patched in 2.1.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:LExploitability: 1.2 | Impact: 1.4

Affected Packages3 packages

▶NVDfreerdp/freerdp< 2.1.0

▶CVEListV5freerdp/freerdp2.0.0

▶NVDopensuse/leap15.1

Also affects: Debian Linux 10.0

🔴Vulnerability Details

CVEList

Out-of-bounds Read in FreeRDP↗2020-05-29

▶

OSV

CVE-2020-11040: In FreeRDP less than or equal to 2↗2020-05-29

▶

📋Vendor Advisories

Red Hat

freerdp: Out of bound access in clear_decompress_subcode_rlex↗2020-04-09

▶

Debian

CVE-2020-11040: freerdp2 - In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from ...↗2020

▶

💬Community

Bugzilla

CVE-2020-11040 freerdp1.2: freerdp: Out of bound access in clear_decompress_subcode_rlex [fedora-all]↗2020-06-17

▶

Bugzilla

CVE-2020-11040 freerdp: Out of bound access in clear_decompress_subcode_rlex [fedora-all]↗2020-06-17

▶

Bugzilla

CVE-2020-11040 freerdp: Out of bound access in clear_decompress_subcode_rlex↗2020-06-17

▶