CVE-2020-11089
Published: 29 May 2020
In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallel_process_irp_create, serial_process_irp_create, drive_process_irp_write, printer_process_irp_write, rdpei_recv_pdu, serial_process_irp_write). This has been fixed in 2.1.0.
Priority
Low
CVSS 3 base score: 5.5
Status
| Package | Release | Status |
|---|---|---|
|
freerdp Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Does not exist
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Needed
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Needed
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
freerdp2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.1.1+dfsg1-1)
|
| Ubuntu 21.10 (Impish Indri) |
Not vulnerable
(2.1.1+dfsg1-1)
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(2.1.1+dfsg1-1)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Released
(2.1.1+dfsg1-0ubuntu0.20.04.1)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(2.1.1+dfsg1-0ubuntu0.18.04.1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
Patches: Upstream: https://github.com/FreeRDP/FreeRDP/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16 Upstream: https://github.com/FreeRDP/FreeRDP/commit/795842f4096501fcefc1a7f535ccc8132feb31d7 |
||
Notes
| Author | Note |
|---|---|
| mdeslaur | The freerdp package in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS does not build a server library. This is simply a client denial of service that has a negligible security impact. |