CVE-2020-11039
Description
In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. This has been patched in 2.1.0.
Risk Information
Base Score
6.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
EPSS Score
Exploitation Probability
0.184
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2020:4031) freerdp security, bug fix, and enhancement update freerdp-2.1.1-2.el7.x86_64.rpm | Linux |
| (RHSA-2020:4031) freerdp security, bug fix, and enhancement update freerdp-devel-2.1.1-2.el7.i686.rpm | Linux |
| (RHSA-2020:4031) freerdp security, bug fix, and enhancement update freerdp-devel-2.1.1-2.el7.x86_64.rpm | Linux |
| (RHSA-2020:4031) freerdp security, bug fix, and enhancement update freerdp-libs-2.1.1-2.el7.i686.rpm | Linux |
| (RHSA-2020:4031) freerdp security, bug fix, and enhancement update freerdp-libs-2.1.1-2.el7.x86_64.rpm | Linux |
| (RHSA-2020:4031) freerdp security, bug fix, and enhancement update libwinpr-2.1.1-2.el7.i686.rpm | Linux |
| (RHSA-2020:4031) freerdp security, bug fix, and enhancement update libwinpr-2.1.1-2.el7.x86_64.rpm | Linux |
| (RHSA-2020:4031) freerdp security, bug fix, and enhancement update libwinpr-devel-2.1.1-2.el7.i686.rpm | Linux |
| (RHSA-2020:4031) freerdp security, bug fix, and enhancement update libwinpr-devel-2.1.1-2.el7.x86_64.rpm | Linux |
| (CESA-2020:4031) freerdp security, bug fix, and enhancement update freerdp-devel-2.1.1-2.el7.i686.rpm | Linux |
| (CESA-2020:4031) freerdp security, bug fix, and enhancement update freerdp-libs-2.1.1-2.el7.i686.rpm | Linux |
| (CESA-2020:4031) freerdp security, bug fix, and enhancement update libwinpr-2.1.1-2.el7.i686.rpm | Linux |
| (CESA-2020:4031) freerdp security, bug fix, and enhancement update libwinpr-devel-2.1.1-2.el7.i686.rpm | Linux |
| (CESA-2020:4031) freerdp security, bug fix, and enhancement update freerdp-2.1.1-2.el7.x86_64.rpm | Linux |
| (CESA-2020:4031) freerdp security, bug fix, and enhancement update freerdp-devel-2.1.1-2.el7.x86_64.rpm | Linux |
| (CESA-2020:4031) freerdp security, bug fix, and enhancement update freerdp-libs-2.1.1-2.el7.x86_64.rpm | Linux |
| (CESA-2020:4031) freerdp security, bug fix, and enhancement update libwinpr-2.1.1-2.el7.x86_64.rpm | Linux |
| (CESA-2020:4031) freerdp security, bug fix, and enhancement update libwinpr-devel-2.1.1-2.el7.x86_64.rpm | Linux |
| freerdp and vinagre security, bug fix, and enhancement update (RLSA-2020:4647) vinagre-3.22.0-23.el8.x86_64.rpm | Linux |
| Freerdp update (ELSA-2020-4647) freerdp-2.1.1-1.el8.x86_64.rpm | Linux |
| Freerdp-libs update (ELSA-2020-4647) freerdp-libs-2.1.1-1.el8.i686.rpm | Linux |
| Freerdp-libs update (ELSA-2020-4647) freerdp-libs-2.1.1-1.el8.x86_64.rpm | Linux |
| Libwinpr update (ELSA-2020-4647) libwinpr-2.1.1-1.el8.i686.rpm | Linux |
| Libwinpr update (ELSA-2020-4647) libwinpr-2.1.1-1.el8.x86_64.rpm | Linux |
| Libwinpr-devel update (ELSA-2020-4647) libwinpr-devel-2.1.1-1.el8.i686.rpm | Linux |
| Libwinpr-devel update (ELSA-2020-4647) libwinpr-devel-2.1.1-1.el8.x86_64.rpm | Linux |
| Vinagre update (ELSA-2020-4647) vinagre-3.22.0-23.el8.x86_64.rpm | Linux |
| Moderate: freerdp and vinagre security, bug fix, and enhancement update vinagre-3.22.0-23.el8.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234