CVE-2020-13397 — Out-of-bounds Read in Freerdp

CWE-125 — Out-of-bounds Read CWE-476 — NULL Pointer Dereference12 documents8 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 72.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freerdp Canonical Ubuntu Linux Debian Linux +1 more

Timeline

PublishedMay 22

Latest updateMay 24

Description

An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDfreerdp/freerdp< 2.1.1

▶NVDopensuse/leap15.1

Also affects: Debian Linux 10.0, 9.0, Ubuntu Linux 16.04, 18.04, 19.10, 20.04

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-g35v-3fjw-w5pj: An issue was discovered in FreeRDP before 2↗2022-05-24

▶

CVEList

CVE-2020-13397: An issue was discovered in FreeRDP before 2↗2020-05-22

▶

OSV

CVE-2020-13397: An issue was discovered in FreeRDP before 2↗2020-05-22

▶

📋Vendor Advisories

Ubuntu

FreeRDP vulnerabilities↗2020-11-26

▶

Ubuntu

FreeRDP vulnerabilities↗2020-06-04

▶

Ubuntu

FreeRDP vulnerabilities↗2020-06-01

▶

Red Hat

freerdp: Out-of-bounds read in security_fips_decrypt in libfreerdp/core/security.c↗2020-05-22

▶

Debian

CVE-2020-13397: freerdp2 - An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vul...↗2020

▶

💬Community

Bugzilla

CVE-2020-13397 freerdp: Out-of-bounds read in security_fips_decrypt in libfreerdp/core/security.c [epel-all]↗2020-05-28

▶

Bugzilla

CVE-2020-13397 freerdp: Out-of-bounds read in security_fips_decrypt in libfreerdp/core/security.c↗2020-05-28

▶

Bugzilla

CVE-2020-13397 freerdp1.2: freerdp: Out-of-bounds read in security_fips_decrypt in libfreerdp/core/security.c [fedora-all]↗2020-05-28

▶