CVE-2020-11038
Description
In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previously allocated buffer. This has been patched in 2.1.0.
Risk Information
Base Score
5.4
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
EPSS Score
Exploitation Probability
0.184
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2020:4031) freerdp security, bug fix, and enhancement update freerdp-2.1.1-2.el7.x86_64.rpm | Linux |
| (RHSA-2020:4031) freerdp security, bug fix, and enhancement update freerdp-devel-2.1.1-2.el7.i686.rpm | Linux |
| (RHSA-2020:4031) freerdp security, bug fix, and enhancement update freerdp-devel-2.1.1-2.el7.x86_64.rpm | Linux |
| (RHSA-2020:4031) freerdp security, bug fix, and enhancement update freerdp-libs-2.1.1-2.el7.i686.rpm | Linux |
| (RHSA-2020:4031) freerdp security, bug fix, and enhancement update freerdp-libs-2.1.1-2.el7.x86_64.rpm | Linux |
| (RHSA-2020:4031) freerdp security, bug fix, and enhancement update libwinpr-2.1.1-2.el7.i686.rpm | Linux |
| (RHSA-2020:4031) freerdp security, bug fix, and enhancement update libwinpr-2.1.1-2.el7.x86_64.rpm | Linux |
| (RHSA-2020:4031) freerdp security, bug fix, and enhancement update libwinpr-devel-2.1.1-2.el7.i686.rpm | Linux |
| (RHSA-2020:4031) freerdp security, bug fix, and enhancement update libwinpr-devel-2.1.1-2.el7.x86_64.rpm | Linux |
| (CESA-2020:4031) freerdp security, bug fix, and enhancement update freerdp-devel-2.1.1-2.el7.i686.rpm | Linux |
| (CESA-2020:4031) freerdp security, bug fix, and enhancement update freerdp-libs-2.1.1-2.el7.i686.rpm | Linux |
| (CESA-2020:4031) freerdp security, bug fix, and enhancement update libwinpr-2.1.1-2.el7.i686.rpm | Linux |
| (CESA-2020:4031) freerdp security, bug fix, and enhancement update libwinpr-devel-2.1.1-2.el7.i686.rpm | Linux |
| (CESA-2020:4031) freerdp security, bug fix, and enhancement update freerdp-2.1.1-2.el7.x86_64.rpm | Linux |
| (CESA-2020:4031) freerdp security, bug fix, and enhancement update freerdp-devel-2.1.1-2.el7.x86_64.rpm | Linux |
| (CESA-2020:4031) freerdp security, bug fix, and enhancement update freerdp-libs-2.1.1-2.el7.x86_64.rpm | Linux |
| (CESA-2020:4031) freerdp security, bug fix, and enhancement update libwinpr-2.1.1-2.el7.x86_64.rpm | Linux |
| (CESA-2020:4031) freerdp security, bug fix, and enhancement update libwinpr-devel-2.1.1-2.el7.x86_64.rpm | Linux |
| freerdp and vinagre security, bug fix, and enhancement update (RLSA-2020:4647) vinagre-3.22.0-23.el8.x86_64.rpm | Linux |
| Freerdp update (ELSA-2020-4647) freerdp-2.1.1-1.el8.x86_64.rpm | Linux |
| Freerdp-libs update (ELSA-2020-4647) freerdp-libs-2.1.1-1.el8.i686.rpm | Linux |
| Freerdp-libs update (ELSA-2020-4647) freerdp-libs-2.1.1-1.el8.x86_64.rpm | Linux |
| Libwinpr update (ELSA-2020-4647) libwinpr-2.1.1-1.el8.i686.rpm | Linux |
| Libwinpr update (ELSA-2020-4647) libwinpr-2.1.1-1.el8.x86_64.rpm | Linux |
| Libwinpr-devel update (ELSA-2020-4647) libwinpr-devel-2.1.1-1.el8.i686.rpm | Linux |
| Libwinpr-devel update (ELSA-2020-4647) libwinpr-devel-2.1.1-1.el8.x86_64.rpm | Linux |
| Vinagre update (ELSA-2020-4647) vinagre-3.22.0-23.el8.x86_64.rpm | Linux |
| Moderate: freerdp and vinagre security, bug fix, and enhancement update vinagre-3.22.0-23.el8.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234