CVE-2020-11038

In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previously allocated buffer. This has been patched in 2.1.0.
Configurations

Configuration 1 (hide)

cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

24 Oct 2023, 15:31

Type Values Removed Values Added
References (MLIST) https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html - (MLIST) https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html - Mailing List, Third Party Advisory
First Time Debian debian Linux
Debian
CPE cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

07 Oct 2023, 21:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html -
CWE CWE-190 CWE-680

Information

Published : 2020-05-29 19:15

Updated : 2024-02-28 17:47


NVD link : CVE-2020-11038

Mitre link : CVE-2020-11038

CVE.ORG link : CVE-2020-11038


JSON object : View

Products Affected

opensuse

  • leap

debian

  • debian_linux

freerdp

  • freerdp
CWE
CWE-680

Integer Overflow to Buffer Overflow

CWE-190

Integer Overflow or Wraparound