Published: 07/05/2020 Updated: 24/10/2023

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 2.2 | Impact Score: 1.4 | Exploitability Score: 0.7

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

In FreeRDP greater than 1.2 and prior to 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0.

Vulnerable Product	Search on Vulmon	Subscribe to Product
freerdp freerdp
canonical ubuntu linux 18.04
canonical ubuntu linux 19.10
canonical ubuntu linux 20.04
debian debian linux 10.0

Synopsis Moderate: freerdp and vinagre security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for freerdp and vinagre is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common ...

Several security issues were fixed in FreeRDP ...

In FreeRDP less than or equal to 200, a possible resource exhaustion vulnerability can be performed Malicious clients could trigger out of bound reads causing memory allocation with random size This has been fixed in 210 (CVE-2020-11018) In FreeRDP less than or equal to 200, when running with logger set to "WLOG_TRACE", a possible crash of ...

A double-free issue has been found in FreeRDP before 200 ...

CWE-415 https://github.com/FreeRDP/FreeRDP/commit/67c2aa52b2ae0341d469071d1bc8aab91f8d2ed8 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqh-p732-6x2w https://github.com/FreeRDP/FreeRDP/issues/6013 https://usn.ubuntu.com/4379-1/https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://access.redhat.com/errata/RHSA-2020:4647 https://usn.ubuntu.com/4379-1/https://nvd.nist.gov

CVE-2020-11044

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect