CVE-2020-11038

In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previously allocated buffer. This has been patched in 2.1.0.
Configurations

Configuration 1 (hide)

cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

21 Nov 2024, 04:56

Type Values Removed Values Added
CVSS v2 : 5.5
v3 : 5.4
v2 : 5.5
v3 : 6.9
References () http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html - Mailing List, Third Party Advisory
References () https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6g - Third Party Advisory () https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6g - Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html - Mailing List, Third Party Advisory

24 Oct 2023, 15:31

Type Values Removed Values Added
CPE cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
First Time Debian debian Linux
Debian
References (MLIST) https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html - (MLIST) https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html - Mailing List, Third Party Advisory

07 Oct 2023, 21:15

Type Values Removed Values Added
CWE CWE-190 CWE-680
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html -

Information

Published : 2020-05-29 19:15

Updated : 2024-11-21 04:56


NVD link : CVE-2020-11038

Mitre link : CVE-2020-11038

CVE.ORG link : CVE-2020-11038


JSON object : View

Products Affected

freerdp

  • freerdp

debian

  • debian_linux

opensuse

  • leap
CWE
CWE-680

Integer Overflow to Buffer Overflow

CWE-190

Integer Overflow or Wraparound