PT-2020-2560 · Freerdp+6 · Freerdp+6

Bmiklautz

Published

2020-04-09

Updated

2024-06-15

CVE-2020-11040

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions FreeRDP versions 2.0.0 and earlier

Description The issue is related to an out-of-bound data read from memory in the clear decompress subcode rlex function, which can be visualized on screen as color. This can potentially allow a remote attacker to cause a denial of service.

Recommendations For FreeRDP versions 2.0.0 and earlier, update to version 2.1.0 to resolve the issue. As a temporary workaround, consider restricting access to the clear decompress subcode rlex function until a patch is applied.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2020:4647

ALT-PU-2020-1941

ALT-PU-2020-1960

BDU:2020-02589

CESA-2020_4031

CESA-2020_4647

CVE-2020-11040

DLA-3606-1

GHSA-X4WQ-M7C9-RJGR

MGASA-2020-0297

OPENSUSE-SU-2020:1090-1

OPENSUSE-SU-2020_1090-1

OPENSUSE-SU-2024:10768-1

RHSA-2020:4031

RHSA-2020:4647

RHSA-2020_4031

RHSA-2020_4647

RLSA-2020:4647

SUSE-SU-2020:2032-1

SUSE-SU-2020:2068-1

SUSE-SU-2020:2272-1

Affected Products

Alt Linux

Almalinux

Centos

Freerdp

Red Hat

Rocky Linux

Suse

PT-2020-2560 · Freerdp+6 · Freerdp+6

CVE-2020-11040

Weakness Enumeration

Related Identifiers

Affected Products

References · 213