CVE-2020-15103Integer Overflow to Buffer Overflow in Freerdp

CWE-680Integer Overflow to Buffer OverflowCWE-190Integer Overflow or Wraparound9 documents7 sources
Severity
3.5LOWNVD
EPSS
0.3%
top 50.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
FreerdpCanonical Ubuntu LinuxDebian Linux+2 more
Timeline
PublishedJul 27
Latest updateSep 1

Description

In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`) This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:LExploitability: 2.1 | Impact: 1.4

Affected Packages3 packages

CVEListV5freerdp/freerdp2.1.2
NVDfreerdp/freerdp2.1.2
NVDopensuse/leap15.1

Also affects: Debian Linux 10.0, Fedora 31, 32, Ubuntu Linux 18.04, 20.04

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
CVEList
Integer Overflow in FreeRDP2020-07-27
OSV
CVE-2020-15103: In FreeRDP less than or equal to 22020-07-27

📋Vendor Advisories

3
Ubuntu
FreeRDP vulnerabilities2020-09-01
Red Hat
freerdp: integer overflow due to missing input sanitation in rdpegfx channel2020-07-20
Debian
CVE-2020-15103: freerdp2 - In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missin...2020

💬Community

3
Bugzilla
CVE-2020-15103 freerdp: integer overflow due to missing input sanitation in rdpegfx channel [epel-all]2020-07-20
Bugzilla
CVE-2020-15103 freerdp: integer overflow due to missing input sanitation in rdpegfx channel [fedora-all]2020-07-20
Bugzilla
CVE-2020-15103 freerdp: integer overflow due to missing input sanitation in rdpegfx channel2020-07-20
CVE-2020-15103 — Integer Overflow to Buffer Overflow | cvebase