CVE-2020-11038

In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previously allocated buffer. This has been patched in 2.1.0.
Configurations

Configuration 1 (hide)

cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

21 Nov 2024, 04:56

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html - Mailing List, Third Party Advisory
References () https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6g - Third Party Advisory () https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6g - Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html - Mailing List, Third Party Advisory
CVSS v2 : 5.5
v3 : 5.4
v2 : 5.5
v3 : 6.9

14 Sep 2021, 18:15

Type Values Removed Values Added
CPE cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
CWE CWE-787
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html - Mailing List, Third Party Advisory

Information

Published : 2020-05-29 19:15

Updated : 2024-11-21 04:56


NVD link : CVE-2020-11038

Mitre link : CVE-2020-11038

CVE.ORG link : CVE-2020-11038


JSON object : View

Products Affected

debian

  • debian_linux

freerdp

  • freerdp

opensuse

  • leap
CWE
CWE-680

Integer Overflow to Buffer Overflow

CWE-190

Integer Overflow or Wraparound