CVE-2020-11046 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Freerdp
Severity
2.2LOWNVD
CNA5.5
EPSS
0.1%
top 68.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 7
Latest updateNov 26
Description
In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds read.
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:LExploitability: 0.7 | Impact: 1.4
Affected Packages2 packages
Also affects: Debian Linux 10.0, 9.0, Ubuntu Linux 16.04, 18.04, 19.10, 20.04
Patches
🔴Vulnerability Details
2📋Vendor Advisories
5💬Community
4Bugzilla▶
CVE-2020-11046 freerdp: out of bounds seek in update_read_synchronize function could lead out of bounds read↗2020-05-13
Bugzilla▶
CVE-2020-11046 freerdp1.2: freerdp: out of bounds seek in update_read_synchronize function could lead out of bounds read [fedora-all]↗2020-05-13
Bugzilla▶
CVE-2020-11046 freerdp: out of bounds seek in update_read_synchronize function could lead out of bounds read [epel-all]↗2020-05-13
Bugzilla▶
CVE-2020-11046 freerdp: out of bounds seek in update_read_synchronize function could lead out of bounds read [fedora-all]↗2020-05-13