Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.1
CVSSv2

CVE-2020-13397

Published: 22/05/2020 Updated: 24/10/2023
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Freerdp

Vulnerability Summary

An issue exists in FreeRDP prior to 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

freerdp freerdp

debian debian linux 9.0

debian debian linux 10.0

opensuse leap 15.1

canonical ubuntu linux 19.10

canonical ubuntu linux 20.04

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

Vendor Advisories

Red Hat: Moderate: freerdp and vinagre security, bug fix, and enhancement update
Synopsis Moderate: freerdp and vinagre security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for freerdp and vinagre is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common ...
Ubuntu Security Notice: freerdp2 vulnerabilities
Several security issues were fixed in FreeRDP ...
Ubuntu Security Notice: freerdp vulnerabilities
Several security issues were fixed in FreeRDP ...
Amazon Linux 2: ALAS2-2020-1516
In FreeRDP less than or equal to 200, a possible resource exhaustion vulnerability can be performed Malicious clients could trigger out of bound reads causing memory allocation with random size This has been fixed in 210 (CVE-2020-11018) In FreeRDP less than or equal to 200, when running with logger set to "WLOG_TRACE", a possible crash of ...
Arch Linux Issues:
An issue was discovered in FreeRDP before 211 An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/securityc due to an uninitialized value ...

References

CWE-125https://github.com/FreeRDP/FreeRDP/commit/d6cd14059b257318f176c0ba3ee0a348826a9ef8https://github.com/FreeRDP/FreeRDP/compare/2.1.0...2.1.1https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69https://usn.ubuntu.com/4379-1/https://usn.ubuntu.com/4382-1/http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.htmlhttps://lists.debian.org/debian-lts-announce/2020/08/msg00054.htmlhttps://lists.debian.org/debian-lts-announce/2023/10/msg00008.htmlhttps://access.redhat.com/errata/RHSA-2020:4647https://usn.ubuntu.com/4379-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21987buffer overflowCVE-2024-28890CVE-2024-27574CVE-2024-27347CVE-2024-31450privilegeSSTICVE-2024-31666
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook