PT-2020-5649 · Freerdp+4 · Freerdp+4

Akallabeth

Published

2020-06-22

Updated

2024-06-15

CVE-2020-4031

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 2.1.2

Description The issue is related to a use-after-free error in the gdi SelectObject component of the FreeRDP protocol implementation. This error occurs when memory is accessed after it has been freed. Exploitation of this issue could allow a remote attacker to cause a denial of service. All FreeRDP clients using compatibility mode with the /relax-order-checks option are affected.

Recommendations For FreeRDP versions prior to 2.1.2, update to version 2.1.2 to resolve the issue. As a temporary workaround, consider disabling the compatibility mode with /relax-order-checks to minimize the risk of exploitation.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2020-2225

ALT-PU-2020-2232

BDU:2021-01349

CVE-2020-4031

DLA-3606-1

GHSA-GWCQ-HPQ2-M74G

MGASA-2020-0297

OPENSUSE-SU-2020:1090-1

OPENSUSE-SU-2020_1090-1

OPENSUSE-SU-2024:10768-1

SUSE-SU-2020:2032-1

SUSE-SU-2020:2068-1

SUSE-SU-2020:2272-1

USN-4481-1

Affected Products

Alt Linux

Freerdp

Linuxmint

Suse

Ubuntu

PT-2020-5649 · Freerdp+4 · Freerdp+4

CVE-2020-4031

Weakness Enumeration

Related Identifiers

Affected Products

References · 168