CVE-2020-11038
Last modified
CVE-2020-11038 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. EPSS estimates a 1.35% chance of exploitation in the next 30 days.
Description
In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previously allocated buffer. This has been patched in 2.1.0.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Freerdp | Freerdp | < 2.1.0 |
| Opensuse | Leap | 15.1 |
| Debian | Debian Linux | 10.0 |
References
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.htmlMailing List, Third Party Advisory
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6gThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/10/msg00008.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.htmlMailing List, Third Party Advisory
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6gThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/10/msg00008.htmlMailing List, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-11038?
How severe is CVE-2020-11038?
How do I fix CVE-2020-11038?
Are you affected by CVE-2020-11038?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST