PT-2020-2562 · Freerdp+6
Bmiklautz · Published 2020-04-09 · Updated 2024-06-15 · CVE-2020-11019
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
FreeRDP versions prior to 2.1.0
Description
The issue is caused by a read of an invalid array index when FreeRDP is run with the logger set to "WLOG_TRACE". This can crash the application, and the data read could be printed as a string to a local terminal. The root cause is an out-of-bounds buffer read.
Recommendations
Update FreeRDP versions prior to 2.1.0 to version 2.1.0 to resolve the issue. As a temporary workaround, avoid the "WLOG_TRACE" logger setting until the update is applied.
Fix
Out of bounds Read
Affected Products
Alt Linux
Almalinux
Centos
Freerdp
Red Hat
Rocky Linux
Suse