CVE-2020-4030 — Out-of-bounds Read in Freerdp

CWE-125 — Out-of-bounds Read CWE-190 — Integer Overflow or Wraparound9 documents7 sources

Severity

6.5MEDIUMNVD

CNA3.5

EPSS

0.0%

top 88.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freerdp Canonical Ubuntu Linux Debian Linux +2 more

Timeline

PublishedJun 22

Latest updateSep 1

Description

In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:LExploitability: 3.9 | Impact: 2.5

Affected Packages3 packages

▶CVEListV5freerdp/freerdp< 2.1.2

▶NVDfreerdp/freerdp< 2.1.2

▶NVDopensuse/leap15.1

Also affects: Debian Linux 10.0, Fedora 31, 32, Ubuntu Linux 18.04, 20.04

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2020-4030: In FreeRDP before version 2↗2020-06-22

▶

CVEList

OOB read in `TrioParse` in FreeRDP↗2020-06-22

▶

📋Vendor Advisories

Ubuntu

FreeRDP vulnerabilities↗2020-09-01

▶

Red Hat

freerdp: out of bounds read in TrioParse↗2020-06-22

▶

Debian

CVE-2020-4030: freerdp2 - In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Lo...↗2020

▶

💬Community

Bugzilla

CVE-2020-4030 freerdp: out of bounds read in TrioParse [epel-all]↗2020-07-08

▶

Bugzilla

CVE-2020-4030 freerdp: out of bounds read in TrioParse↗2020-07-08

▶

Bugzilla

CVE-2020-4030 freerdp: out of bounds read in TrioParse [fedora-all]↗2020-07-08

▶