CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-11098 – Out-of-bound read in glyph_cache_put in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11098
In FreeRDP before version 2.1.2, there is an out-of-bound read in glyph_cache_put. This affects all FreeRDP clients with `+glyph-cache` option enabled This is fixed in version 2.1.2. En FreeRDP versiones anteriores a 2.1.2, se presenta una lectura fuera de límite en glyph_cache_put. Esto afecta a todos los clientes de FreeRDP con la opción "+glyph-cache" habilitada. Esto es corregido en la versión 2.1.2 • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html http://www.freerdp.com/2020/06/22/2_1_2-released https://github.com/FreeRDP/FreeRDP/commit/c0fd449ec0870b050d350d6d844b1ea6dad4bc7d https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jr57-f58x-hjmv https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ https://lists.fedoraproject.org/archives/list&#x • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-11099 – OOB Read in license_read_new_or_upgrade_license_packet in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11099
In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. A manipulated license packet can lead to out of bound reads to an internal buffer. This is fixed in version 2.1.2. En FreeRDP versiones anteriores a 2.1.2, se presenta una lectura fuera de límites en license_read_new_or_upgrade_license_packet. Un paquete de licencia manipulado puede conllevar a lecturas fuera del limite en un búfer interno. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html http://www.freerdp.com/2020/06/22/2_1_2-released https://github.com/FreeRDP/FreeRDP/commit/6ade7b4cbfd71c54b3d724e8f2d6ac76a58e879a https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-977w-866x-4v5h https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ https://lists.fedoraproject.org/archives/list&#x • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-4030 – OOB read in `TrioParse` in FreeRDP
https://notcve.org/view.php?id=CVE-2020-4030
In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2. En FreeRDP versiones anteriores a 2.1.2, se presenta una lectura fuera de límites en TrioParse. El registro puede omitir las comprobaciones de longitud de cadena debido a un desbordamiento de enteros. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html http://www.freerdp.com/2020/06/22/2_1_2-released https://github.com/FreeRDP/FreeRDP/commit/05cd9ea2290d23931f615c1b004d4b2e69074e27 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98 https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ https://lists.fedoraproject.org/archives/list&#x • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-4033 – OOB Read in RLEDECOMPRESS in FreeRDP
https://notcve.org/view.php?id=CVE-2020-4033
In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions with color depth < 32 are affected. This is fixed in version 2.1.2. En FreeRDP versiones anteriores a 2.1.2, se presenta una lectura fuera de límites en RLEDECOMPRESS. Todos los clientes basados ?? • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html http://www.freerdp.com/2020/06/22/2_1_2-released https://github.com/FreeRDP/FreeRDP/commit/0a98c450c58ec150e44781c89aa6f8e7e0f571f5 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7rhj-856w-82p8 https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ https://lists.fedoraproject.org/archives/list&#x • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-11017 – Double free in cliprdr_server_receive_capabilities in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11017
In FreeRDP less than or equal to 2.0.0, by providing manipulated input a malicious client can create a double free condition and crash the server. This is fixed in version 2.1.0. En FreeRDP versiones anteriores o iguales a 2.0.0, al proporcionar una entrada manipulada un cliente malicioso puede crear una condición de doble liberación y bloquear el servidor. Esto está corregido en la versión 2.1.0. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5c8-fm29-q57c https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html • CWE-415: Double Free •