CVE-2020-11038
Published: 29 May 2020
In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previously allocated buffer. This has been patched in 2.1.0.
Priority
Status
Package | Release | Status |
---|---|---|
freerdp Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(code not present)
|
|
freerdp2 Launchpad, Ubuntu, Debian |
bionic |
Released
(2.1.1+dfsg1-0ubuntu0.18.04.1)
|
eoan |
Released
(2.1.1+dfsg1-0ubuntu0.19.10.1)
|
|
focal |
Released
(2.1.1+dfsg1-0ubuntu0.20.04.1)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(2.1.1+dfsg1-1)
|
|
xenial |
Does not exist
|
|
Patches: upstream: https://github.com/FreeRDP/FreeRDP/commit/06c32f170093a6ecde93e3bc07fed6a706bfbeb3 |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.4 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | Low |
Availability impact | Low |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L |