CVE-2020-11058 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Freerdp
Severity
2.2LOWNVD
EPSS
0.1%
top 68.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 12
Latest updateNov 26
Description
In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0.
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:LExploitability: 0.7 | Impact: 1.4
Affected Packages2 packages
Also affects: Debian Linux 10.0, 9.0, Ubuntu Linux 16.04, 18.04, 19.10, 20.04
Patches
🔴Vulnerability Details
2📋Vendor Advisories
9💬Community
3Bugzilla▶
CVE-2020-11058 freerdp: a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read [epel-all]↗2020-05-14
Bugzilla▶
CVE-2020-11058 freerdp: stream out-of-bounds seek in rdp_read_font_capability_set could lead to out-of-bounds read↗2020-05-14
Bugzilla▶
CVE-2020-11058 freerdp1.2: freerdp: a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read [fedora-all]↗2020-05-14