CVE-2020-11043 — Out-of-bounds Read in Freerdp

CWE-125 — Out-of-bounds Read8 documents6 sources

Severity

2.7LOWNVD

CNA2.2

EPSS

0.1%

top 66.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freerdp Debian Linux Opensuse Leap

Timeline

PublishedMay 29

Latest updateJun 17

Description

In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tileset. Invalid data fed to RFX decoder results in garbage on screen (as colors). This has been patched in 2.1.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:LExploitability: 1.2 | Impact: 1.4

Affected Packages3 packages

▶NVDfreerdp/freerdp< 2.1.0

▶CVEListV5freerdp/freerdp2.0.0

▶NVDopensuse/leap15.1

Also affects: Debian Linux 10.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

CVEList

Out-of-bounds Read in FreeRDP↗2020-05-29

▶

OSV

CVE-2020-11043: In FreeRDP less than or equal to 2↗2020-05-29

▶

📋Vendor Advisories

Red Hat

freerdp: out of bound read in rfx_process_message_tileset↗2020-04-09

▶

Debian

CVE-2020-11043: freerdp2 - In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_pr...↗2020

▶

💬Community

Bugzilla

CVE-2020-11043 freerdp1.2: freerdp: out of bound read in rfx_process_message_tileset [fedora-all]↗2020-06-17

▶

Bugzilla

CVE-2020-11043 freerdp: out of bound read in rfx_process_message_tileset↗2020-06-17

▶

Bugzilla

CVE-2020-11043 freerdp: out of bound read in rfx_process_message_tileset [fedora-all]↗2020-06-17

▶