PT-2020-12506 · Freerdp+6 · Freerdp+6

Bmiklautz

Published

2020-03-31

Updated

2023-10-24

CVE-2020-11042

CVSS v3.1

5.5

Medium

Vector

AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions FreeRDP versions 1.1 through 1.9

Description The issue is an out-of-bounds read in the update read icon info function. This allows an attacker to read a defined amount of client memory, up to 4GB, into an intermediate buffer. The impact can be crashing the client or storing information for later retrieval.

Recommendations For FreeRDP versions 1.1 through 1.9, update to version 2.0.0 to resolve the issue.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2020:4647

CESA-2020_4031

CESA-2020_4647

CVE-2020-11042

DLA-2356-1

DLA-3606-1

GHSA-9JP6-5VF2-CX2Q

MGASA-2020-0297

OESA-2021-1008

RHSA-2020:4031

RHSA-2020:4647

RHSA-2020_4031

RHSA-2020_4647

RLSA-2020:4647

USN-4379-1

USN-4382-1

USN-4382-2

Affected Products

Almalinux

Centos

Freerdp

Linuxmint

Red Hat

Rocky Linux

Ubuntu

PT-2020-12506 · Freerdp+6 · Freerdp+6

CVE-2020-11042

Weakness Enumeration

Related Identifiers

Affected Products

References · 154