PT-2020-2558 · Freerdp+6 · Freerdp+6

Bmiklautz

Published

2020-04-09

Updated

2024-06-15

CVE-2020-11038

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 2.1.0

Description The issue is caused by an integer overflow in size calculation when using /video redirection, allowing a manipulated server to instruct the client to allocate a buffer with a smaller size than requested. The server can then manipulate the client to write data out of bounds to the previously allocated buffer. This can potentially impact the confidentiality, integrity, and availability of protected information.

Recommendations For FreeRDP versions prior to 2.1.0, update to version 2.1.0 or later to resolve the issue. As a temporary workaround, consider disabling the /video redirection feature until a patch is available. Restrict access to the vulnerable client to minimize the risk of exploitation. Avoid using the affected /video redirection functionality in the client until the issue is resolved.

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190CWE-680

Related Identifiers

ALSA-2020:4647

ALT-PU-2020-1941

ALT-PU-2020-1960

BDU:2020-02587

CESA-2020_4031

CESA-2020_4647

CVE-2020-11038

DLA-3606-1

GHSA-H25X-CQR6-FP6G

MGASA-2020-0297

OPENSUSE-SU-2020:1090-1

OPENSUSE-SU-2020_1090-1

OPENSUSE-SU-2024:10768-1

RHSA-2020:4031

RHSA-2020:4647

RHSA-2020_4031

RHSA-2020_4647

RLSA-2020:4647

SUSE-SU-2020:2032-1

SUSE-SU-2020:2068-1

SUSE-SU-2020:2272-1

Affected Products

Alt Linux

Almalinux

Centos

Freerdp

Red Hat

Rocky Linux

Suse

PT-2020-2558 · Freerdp+6 · Freerdp+6

CVE-2020-11038

Weakness Enumeration

Related Identifiers

Affected Products

References · 211