Published: 07/05/2020 Updated: 24/10/2023

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 2.2 | Impact Score: 1.4 | Exploitability Score: 0.7

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

In FreeRDP after 1.1 and prior to 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. This has been patched in 2.0.0.

Vulnerable Product	Search on Vulmon	Subscribe to Product
freerdp freerdp
canonical ubuntu linux 19.10
canonical ubuntu linux 20.04
canonical ubuntu linux 16.04
canonical ubuntu linux 18.04
debian debian linux 10.0

Synopsis Moderate: freerdp and vinagre security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for freerdp and vinagre is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common ...

Several security issues were fixed in FreeRDP ...

In FreeRDP less than or equal to 200, a possible resource exhaustion vulnerability can be performed Malicious clients could trigger out of bound reads causing memory allocation with random size This has been fixed in 210 (CVE-2020-11018) In FreeRDP less than or equal to 200, when running with logger set to "WLOG_TRACE", a possible crash of ...

An out-of-bounds read has been found in FreeRDP before 200 ...

CWE-125 https://github.com/FreeRDP/FreeRDP/issues/6008 https://github.com/FreeRDP/FreeRDP/commit/c367f65d42e0d2e1ca248998175180aa9c2eacd0 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wwh7-r2r8-xjpr https://github.com/FreeRDP/FreeRDP/pull/6019 https://usn.ubuntu.com/4379-1/https://usn.ubuntu.com/4382-1/https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://access.redhat.com/errata/RHSA-2020:4647 https://nvd.nist.gov https://usn.ubuntu.com/4379-1/

CVE-2020-11049

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect