PT-2020-2563 · Freerdp+2 · Freerdp+2

Bmiklautz

Published

2020-05-10

Updated

2024-06-15

CVE-2020-11017

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions FreeRDP versions 2.0.0 and earlier

Description The issue is related to a double free condition error in the FreeRDP protocol implementation. By providing manipulated input, a malicious client can create this condition, potentially allowing a remote attacker to cause a denial of service, crashing the server.

Recommendations For FreeRDP versions 2.0.0 and earlier, update to version 2.1.0 to resolve the issue. As a temporary workaround, consider restricting access to the server to minimize the risk of exploitation.

Fix

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

ALT-PU-2020-1941

ALT-PU-2020-1960

BDU:2020-02592

CVE-2020-11017

DLA-3606-1

GHSA-Q5C8-FM29-Q57C

MGASA-2020-0297

OPENSUSE-SU-2020:1090-1

OPENSUSE-SU-2020_1090-1

OPENSUSE-SU-2024:10768-1

SUSE-SU-2020:2032-1

SUSE-SU-2020:2068-1

SUSE-SU-2020:2272-1

Affected Products

Alt Linux

Freerdp

Suse

PT-2020-2563 · Freerdp+2 · Freerdp+2

CVE-2020-11017

Weakness Enumeration

Related Identifiers

Affected Products

References · 153